CrowdStrike CEO: Recovery from Global IT Outage Nearly Complete

A hacktivist group claims to have leaked CrowdStrike's entire threat actor list.

Edward Gately, Senior News Editor

July 25, 2024

CrowdStrike has nearly completed restoration from last Friday's global IT outage that impacted 8.5 billion Windows devices.

According to CrowdStrike’s preliminary post-incident review, Falcon, which provides a range of capabilities to assist in adversary response, contained problematic content data that forced computers running Microsoft’s Windows operating system to crash.

“I want to share that over 97% of Windows sensors are back online as of July 25,” CrowdStrike CEO George Kurtz said in a LinkedIn post. “This progress is thanks to the tireless efforts of our customers, partners and the dedication of our team at CrowdStrike. However, we understand our work is not yet complete, and we remain committed to restoring every impacted system.”

To CrowdStrike customers still affected by the global IT outage, “please know we will not rest until we achieve full recovery,” he said.

“At CrowdStrike, our mission is to earn your trust by safeguarding your operations,” Kurtz said. “I am deeply sorry for the disruption this outage has caused and personally apologize to everyone impacted. While I can’t promise perfection, I can promise a response that is focused, effective and with a sense of urgency.”

Global IT Outage Recovery Efforts Enhanced

CrowdStrike’s recovery efforts have been enhanced by the development of automatic recovery techniques and by mobilizing all the company’s resources to support its customers, Kurtz said.

“CrowdStrike is committed to building on our mission to stop breaches, with a renewed focus on customer controls and resilience,” he said. “Customer obsession has always been our guiding principle, and this experience has only strengthened our resolve.”

In the meantime, hacktivist entity USDoD claimed on cybercrime forum BreachForums to have leaked CrowdStrike’s “entire threat actor list,” the vendor said in a blog. USDoD also alleged they had obtained CrowdStrike’s “entire” indicators of compromise (IOC) list and would release it “soon.”

According to CrowdStrike, USDoD shared a link where people can download CrowdStrike's alleged threat actor list. USDoD shared a sample of the data fields in what CrowdStrike said was likely an effort to verify its claims.

However, CrowdStrike said this threat intelligence is already available to tens of thousands of customers, partners and prospects, and hundreds of thousands of users.

“Adversaries exploit current events for attention and gain,” the company said. “We remain committed to sharing data with the community.”

USDoD has engaged in hacktivism and financially motivated breaches going back to 2020, according to CrowdStrike. It has mainly used social-engineering tactics to reach sensitive data, according to CrowdStrike. USDoD has focused on intrusion campaigns against high-profile targets.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
