The Institutional Security Office (GSI), linked to the Presidency of the Republic, released a alert guiding institutions and entities linked to the federal public administration on procedures to be adopted in light of the cyber blackout that occurred this Friday (19). The outage, caused by the cyber security company CrowdStrike, affected several countries, including Brazil.
“The Government Cyber Incident Prevention, Treatment and Response Center (CTIR Gov) requests that Federal Public Administration (APF) institutions and guides other entities to identify the existence of CrowdStrike Falcon in their computer parks in their asset inventories and monitor the publication of application updates, made available at https://supportportal.crowdstrike.com/s/login/”, informed the GSI on its website.
Guidelines
The alert adds that mitigation measures for cases of crashes or unavailability of Windows operating systems involve booting Windows in safe mode or in the recovery environment. Next, it is necessary to access the C:\Windows\System32\drivers\CrowdStrike directory; identify the file that matches the pattern “C-00000291*.sys” and delete it. Finally, reboot the system.
The guidance includes preliminary information released by CrowdStrike about the incident, indicating the support portal access link. They also inform the link made available by the Microsoft Azure cloud computing platform with procedures for recovering virtual machines in your environment.
CrowdStrike
Cybersecurity firm CrowdStrike has released a statement in which it takes responsibility for the cyber outage that affected several companies and services in several countries. According to CrowdStrike CEO George Kurtz, the issue has already been “identified, isolated and a fix has been implemented.”
The problem arises from a content update for computers running Microsoft’s Windows operating system, related to the Falcon sensor. As a result, the computer crashes and the so-called “blue screen of death” appears, indicating that there are problems with the computer.
There are reports of problems in several companies. In particular, banking apps, communications companies and airlines that, following security protocols, end up not being able to take off flights.
“CrowdStrike is actively working with customers affected by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not affected. This is not a security incident or cyberattack. The issue has been identified, isolated, and a fix has been deployed,” CrowdStrike CEO George Kurtz said on social media.
Kurtz advised his customers to visit the company’s support portal for the latest updates. “We also recommend that organizations ensure communication with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers,” he added.
