The page includes technical information about what caused the outage, which systems were affected, and a statement from CEO George Kurtz. It also contains links to BitLocker's key recovery processes and several third-party vendor pages on how to deal with the outage.
The page leads to a knowledge base article (accessible only to logged-in customers) on how to use a bootable USB stick. Microsoft released such a tool yesterday that automatically removes the problematic channel file that was causing machines to display the blue screen.
CrowdStrike also posted a blog yesterday warning that threat actors have been taking advantage of the situation to distribute malware, using “a malicious ZIP file named crowdstrike-hotfix.zip.”
The ZIP file contains a HijackLoader payload that, when executed, loads RemCos. It is worth noting that the Spanish file names and instructions within the ZIP file indicate that this campaign is likely targeting CrowdStrike customers based in Latin America (LATAM).
Following the content update issue, several typosquatting domains impersonating CrowdStrike have been identified. This campaign marks the first observed case where a threat actor has leveraged the Falcon content issue to distribute malicious files targeting CrowdStrike customers based in Latin America.
CrowdStrike says organizations should only work directly with CrowdStrike representatives using official channels and should only use guidance provided by its support team.