EnterpRISE

View Original

Explainer: why is the global IT outage happening, who is affected and what happens next?

A global outage is affecting airlines, banks, broadcasters and other organisations. Here’s what’s happening and what to expect

The global ‘blue screen of death’ outage affecting airlines, banks, telecoms companies, broadcasters and others is due to a faulty file from an IT security company called Crowdstrike.

Crowdstrike’s protection services are used by tens of thousands of large organisations.

The US firm has acknowledged the cause of the fault and says that it has begun efforts to fix the situation, offering a technical workaround to those affected.

However, the fix may not immediately help some computers and systems already stuck in the fault.

The issue is causing affected Windows computers to forcibly reboot, resulting in a ‘blue screen of death’.

There is also a separate outage affecting Microsoft’s online 365 apps, which the company has acknowledged.

There is no indication yet of any personal data loss as the event does not appear to be connected with a hack or cyber intrusion.

In Ireland, Ryanair is the highest profile casualty so far of the global outage, although it’s likely that other organsations have also been affected.

“If you're due to travel today and have not already checked-in for your flight, you can do so at the airport,” the airline told passengers in a statement. “We sincerely apologise for any inconvenience caused as a result of this global third party IT outage.”

As of this morning, the online services of major Irish banks appear not to have been affected.

The Irish Independent has been told by IT security professionals that a number of major Irish companies are also currently suffering a total outage on their servers.

"CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor,” the company said in a note to users.

“Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor.”

The company then offered a workaround to those affected by the outage.

"If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to workaround this issue,” it said.

“Boot Windows into Safe Mode or the Windows Recovery Environment. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory. Locate the file matching "C-00000291*sys" file, right click and rename it to "C-00000291*.renamed". Boot the host normally.”

Answering questions on X, Crowdstrike director Brody Nisbet acknowledged the fault but said that it was a “faulty channel file” instead of a faulty “update”.

“It can be selectively addressed rather than a whole faulty update,” he said before repeating the workaround routine (above).

"That workaround won't help everyone, though,” he said.

Separately, Microsoft also appears to be experiencing an outage, cutting off access for some users to its Microsoft 365 apps and online services. The company said that the problem is due to a “configuration change in a portion of our Azure backend workloads” which has “resulted in connectivity failures that affected downstream Microsoft 365 services”.

Reporting on:independent.ie