The rogue app suspected to be the root cause of bringing down computers across the world is ironically aimed at protecting PCs from hackers.

Crowdstrike is a cybersecurity service designed to stop internet breaches for the world’s biggest companies, but a broken update is believed to have brought the world to its knees.

The software update is believed to have been sent out to subscriber computers on Friday afternoon and instantly caused chaos.

It’s believed to have sent servers, desktop PCs, laptops and corporate computer terminals into a death spiral of reboots and the so-called ‘blue screen of death’, with the error message: ‘DRIVER_OVERRAN_STACK_BUFFER’

‘CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor,’ the company admitted in a statement as the disaster unfolded worldwide.

‘Symptoms include hosts experiencing a bugcheck/blue screen error related to the Falcon Sensor. 

‘Our engineering teams are actively working to resolve this issue and there is no need to open a support ticket. 

‘Status updates will be posted as we have more information to share, including when the issue is resolved.’

Crowdstrike is a security service designed to stop internet breaches for the world's biggest companies, but a rogue update is believed to have brought the world to its knees.



The update has wreaked havoc worldwide, with flights grounded, supermarkets having to close their doors, banks pushed offline and TV stations driven off the air


Computer analysts believe a badly-written bit of code in the update triggered the catastrophe and wrecked computer networks worldwide.

Experts have already come up with a partial workaround for some users, which allows them to boot into safe mode and rename the Crowdstrike folder.

But that will only work on computers with the lowest level of security protection.

And those with higher protection – machines that use BitLocker disk encryption to protect their data, as the most secure systems and computers do – may have to wait days before they can be fixed.

‘The majority of organisations should be starting to come back online as we speak,’ said CyberCX chief strategy officer Alastair MacGibbon.

Four-step workaround hack to get back online

1. Boot Windows into Safe Mode or the Windows Recovery Environment (you can do that by holding down the F8 key before the Windows logo flashes on screen)

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

3. Locate the file matching ‘C-00000291*.sys’, right click and rename it to ‘C-00000291*.renamed’

4. Boot the host normally.
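As an added illustration, not part of the article and not CrowdStrike's own guidance, here are steps 2 and 3 of the workaround above expressed as a PowerShell script, to be run from an elevated prompt after booting into Safe Mode (step 1). The directory and the ‘C-00000291*.sys’ pattern come from the article; the -DryRun switch, the variable names and the choice to swap the extension for ‘.renamed’ are assumptions made for this example.

```powershell
# Added example (not from the article): rename the C-00000291*.sys files the
# workaround describes. Run in Safe Mode / WinRE from an elevated prompt.
param(
    [switch]$DryRun   # list what would be renamed without touching anything
)

# Directory named in step 2 of the workaround.
$driverDir = 'C:\Windows\System32\drivers\CrowdStrike'

if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    Write-Error "Directory not found: $driverDir"
    exit 1
}

# Only files matching the pattern given in step 3; @() keeps this an array
# even when a single file (or none) is returned.
$channelFiles = @(Get-ChildItem -LiteralPath $driverDir -File -Filter 'C-00000291*.sys')

if ($channelFiles.Count -eq 0) {
    Write-Output "No C-00000291*.sys files found in $driverDir; nothing to rename."
    exit 0
}

foreach ($file in $channelFiles) {
    # C-00000291xxxx.sys -> C-00000291xxxx.renamed, as in the workaround.
    $newName = $file.BaseName + '.renamed'

    if ($DryRun) {
        Write-Output "[dry run] would rename $($file.FullName) -> $newName"
    } else {
        Write-Output "Renaming $($file.FullName) -> $newName"
        Rename-Item -LiteralPath $file.FullName -NewName $newName -ErrorAction Stop
    }
}

Write-Output "Done. Reboot the host normally (step 4)."
```

Run it once with -DryRun to confirm only the expected files are listed before renaming anything; on BitLocker-protected hosts the recovery key is needed to reach the drive from Safe Mode or WinRE in the first place, which is the delay the article describes.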

‘But there’s always a problem case – either it’s a team that isn’t technical enough to do a rollback or can’t reboot, so there are going to be impacts.’


‘The computing crisis we’re currently witnessing, due to a technical issue in Crowdstrike’s agent, is unprecedented in a scale we haven’t seen in years,’ said Amiram Shachar, founder of rival security firm, Upwind.

‘It has already had a massive impact on critical infrastructure worldwide, including hospitals, banks, airports, and communication services.

‘As the agent causes organisations’ Windows systems to shut down, millions of companies are affected, since most organisations deploy updates automatically.

‘Given that the Crowdstrike agent is installed on millions of devices, ranging from servers to PCs and IoT devices, the damage is unprecedented.’

He added: ‘Although the full implications of this event are still unfolding, we can already draw some critical lessons for future conduct. 

‘For Crowdstrike and similar vendors, it is essential to thoroughly investigate every version update before releasing it to customers, understanding that technical issues can cause significant damage. 

‘The main lesson is the importance of implementing a gradual process for updating critical infrastructure. 

‘The only aspect that should be updated automatically is the test environment. 

‘Development and production environments should only be updated after successful testing. 

‘This approach helps prevent technical failures from impacting critical business functions.’

Crowdstrike is intended to protect computer networks from hackers being able to cause just the kind of chaos that’s being seen across the world.

‘Proven, tested, and easy-to-use protection — so you can focus on your business, while we focus on security,’ its website boasts.

It's believed to have sent servers, desktop PCs, laptops and corporate computer terminals into a death spiral of reboots into a blue screen of death, with the error message: 'DRIVER_OVERRAN_STACK_BUFFER'


Crowdstrike floated on Nasdaq in 2019 with shares selling for US$83 five years ago and its stock price has since soared to US$353


‘CrowdStrike secures the most critical areas of risk to keep customers ahead of today’s adversaries and stop breaches. 

‘With CrowdStrike, customers benefit from superior protection, better performance, reduced complexity and immediate time-to-value.’

It says its Falcon cloud-based software can identify and nullify threats before they can penetrate corporate networks.

But instead, an update to the Falcon security agent is being blamed for causing the megacrash, which will now see IT staff working around the clock as they attempt to repair the damage.

Crowdstrike was founded in 2011 by George Kurtz, Dmitri Alperovitch and Gregg Marston and launched its Falcon protection service two years later.

It floated on Nasdaq in 2019 with shares selling for US$83 five years ago, and its stock price has since soared to US$343.

It played a key role in the investigation into the hacking of the US Democratic Party during the 2016 presidential election, which found Russian intelligence services had been involved.

It is one of the sponsors of the Mercedes F1 team and provides cybersecurity protection for its vital data.

‘To win, we need complete confidence in the information and infrastructure that drive our team,’ said Toto Wolff, Mercedes team principal, when the deal was unveiled.

‘I am delighted to have CrowdStrike as our cybersecurity provider and partner.’

***
Read more at DailyMail.co.uk