Misery loves company and, following last week’s global computer outage, scammers are exploiting the situation by sending phishing emails and text messages.
These rogue actors pose as tech support teams or CrowdStrike employees to try to steal sensitive information from affected individuals, businesses, and organizations.
Fake websites are also popping up everywhere with domain names riffing on the event like "CrowdStrike" and "Blue Screen," promising quick fixes or falsely offering cryptocurrency rewards.
As an example, when ConsumerAffairs checked GoDaddy’s domain registration service, someone had already claimed “crowdstrikeupport.com” and “crowdstrikehelp.com.”
In addition, CrowdStrike Intelligence said it’s already witnessed bad actors trying to leverage the event by distributing a malicious ZIP archive named "crowdstrike-hotfix.zip".
Led by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), government cybersecurity agencies around the world are putting the word out that this is serious business – especially given the fact that approximately 8.5 million Windows devices were affected globally.
“CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources,” the agency said in its advisory. “CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.”
What a real phishing attempt might look like
What type of email should you be on the lookout for? Based on previous phishing attempts in similar situations, they follow the same pattern: a suspicious sender address, a call for urgency, threats, and a request for credentials. What would one look like? Probably something like this:
Subject: Urgent: Immediate Action Required to Restore Your System
From: IT Support Team
Body: Dear [User's Name],
Due to the recent global IT outage affecting CrowdStrike services, we have identified that your system may be compromised. To ensure the security and functionality of your device, immediate action is required.
Please follow the steps below to restore your system:
1. Click on the following link to download the official CrowdStrike Recovery Tool: [malicious link]
2. Run the downloaded file and follow the on-screen instructions.
3. If prompted, enter your username and password to authenticate the process.
Failure to complete these steps within 24 hours may result in further disruptions to your service.
If you have any questions, please contact our support team at support@crowdstrike-fix.com.
Thank you for your prompt attention to this matter.
Best regards,
CrowdStrike IT Support Team
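As an added example that is not part of the article, here is a small Python checker that looks for exactly the pattern described above (a brand lookalike sender or link domain, urgency language, a threat, and a credential request), run over a constructed message modeled on the sample email. The allow-list of legitimate vendor domains is an assumption for the example.

```python
import re
from email import message_from_string

# Assumed allow-list of domains the vendor legitimately sends from.
LEGIT_DOMAINS = {"crowdstrike.com"}

# The red flags the article lists: urgency, threats, a request for credentials.
URGENCY = re.compile(r"\b(urgent|immediate action|within \d+ hours?)\b", re.I)
THREAT = re.compile(r"\b(compromised|failure to|further disruptions?)\b", re.I)
CREDS = re.compile(r"\b(username|password|credentials?)\b", re.I)
DOMAIN = re.compile(r"[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}", re.I)

# Constructed sample modeled on the phishing email quoted above (not a real message).
SAMPLE = """From: IT Support Team <support@crowdstrike-fix.com>
Subject: Urgent: Immediate Action Required to Restore Your System

Dear User,
Due to the recent global IT outage affecting CrowdStrike services, we have
identified that your system may be compromised. Immediate action is required.
1. Download the official CrowdStrike Recovery Tool: http://crowdstrikehelp.com/hotfix
2. If prompted, enter your username and password to authenticate the process.
Failure to complete these steps within 24 hours may result in further disruptions.
"""

# Constructed benign message from the vendor's real domain, for comparison.
BENIGN = """From: notify@crowdstrike.com
Subject: Maintenance window

Routine update, no action needed.
"""


def is_lookalike(domain: str) -> bool:
    """True for a brand-bearing domain that is not the vendor's own (or a subdomain of it)."""
    d = domain.lower()
    if "crowdstrike" not in d:
        return False
    return not any(d == legit or d.endswith("." + legit) for legit in LEGIT_DOMAINS)


def flag_message(raw: str) -> dict:
    """Return the red flags found in one RFC 822 style message plus the lookalike domains seen."""
    msg = message_from_string(raw)
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""), msg.get_payload()])
    lookalikes = sorted({d.lower() for d in DOMAIN.findall(text) if is_lookalike(d)})
    flags = ["lookalike-domain"] if lookalikes else []
    for name, pattern in (("urgency", URGENCY), ("threat", THREAT), ("credential-request", CREDS)):
        if pattern.search(text):
            flags.append(name)
    return {"flags": flags, "lookalike_domains": lookalikes}
```

A message that trips three or four of these flags at once is the profile the article warns about; a single hit on its own is weak evidence.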
The 'fix' is in… hopefully.
In a blog post, Microsoft says that it has taken steps to remediate the situation, including engaging with CrowdStrike to automate their work on developing a solution.
The post noted that CrowdStrike has a recommended workaround in place to address this issue and has also issued a public statement. Instructions to remedy the situation on Windows endpoints were posted on the Windows Message Center.
“We’re working around the clock and providing ongoing updates and support,” the company said. “Additionally, CrowdStrike has helped us develop a scalable solution that will help Microsoft’s Azure infrastructure accelerate a fix for CrowdStrike’s faulty update. We have also worked with both AWS [Amazon’s cloud service] and GCP [Google’s cloud service] to collaborate on the most effective approaches.”
Microsoft has released a “USB tool” to help IT admins expedite the repair process. The signed Microsoft Recovery Tool can be found in the Microsoft Download Center. The company also advises anyone whose systems continue to be impacted by the outage to check its special dashboard first before doing anything else.