No major impact on Thailand from CrowdStrike global cyber outage
The Digital Economy and Society (DES) Ministry said on Friday that it was working with the National Cyber Security Agency (NCSA) to monitor the impact of a global cyber outage caused by an update of cybersecurity firm CrowdStrike on Friday.
Reuters reported that the outage affected IT systems of media, retailers, banks, airlines and telecoms companies across several countries on Friday.
In a statement issued on Friday, CrowdStrike said it was actively working with customers impacted by a defect found in a single content update for Windows hosts. This was not a cyberattack, the company confirmed.
The statement said the symptoms include Windows hosts experiencing a blue screen (BSOD) related to the CrowdStrike’s Falcon Sensor. It added that the company’s technicians have identified a content deployment update related to this issue that was pushed at 4.09am coordinated universal time (UTC) and reverted those changes. As a result, hosts that booted up after 5.27am UTC should not experience any issues.
DES Minister Prasert Chantararuangthong said that from initial investigation, there was no impact on Thailand’s telecommunication networks, including mobile phone and internet, as well as the communication and air navigation systems of the Aeronautical Radio of Thailand.
He added that the ministry and the NCSA would continue to monitor the situation closely and would be on standby to provide assistance to any agencies affected by the cyber outage.
The NCSA issued the following guidance to public and private sectors who have experienced BSOD problems from the CrowdStrike update.
Steps to follow if you are stuck in a reboot loop with a blue screen:
- Let the system boot up and crash three times, this will give you a menu.
- Click Troubleshoot
- Click Advanced Options
- Click Command Prompt
- If your system is protected with BitLocker, you will need to enter your BitLocker Recovery Key
- If BitLocker is managed via Intune, this can be found at https://myaccount.microsoft.com, under "devices". Make sure to match the Hostname of the device and the Key ID. Otherwise, ask your local IT administrator for your BitLocker Recovery Key
- In the command prompt window, type the following commands, followed by an Enter key. (Warning: The Command prompt starts at the X:\ drive. Please do not forget to switch to c:\ by typing these commands exactly)
- c:
- cd windows
- cd system32
- cd drivers
- cd crowdstrike
- del C-00000291*
- exit
- Click continue to Windows
For more troubleshoots, including those for public cloud and virtual machines, go to https://www.eye.security/blog/crowdstrike-falcon-blue-screen-issue-updates
