July 22, 2024 – Following the incident in which a faulty content update for its Falcon sensor caused blue screens of death on an estimated 8.5 million Windows computers worldwide, security company CrowdStrike has launched a new “Remediation and Guidance Hub.” The hub is intended as a central resource for information related to the erroneous update.
The hub’s webpage describes the cause of the crash and the affected systems, and includes a statement from CEO George Kurtz. It also links to procedures for BitLocker recovery-key retrieval and to guidance from third-party vendors on addressing the issue.
Notably, the site also links to a knowledge base article (accessible only to logged-in users) that outlines the steps for repairing affected hosts from a bootable USB drive. Microsoft has separately released a recovery tool that automatically removes the files responsible for the blue screen crashes.
In a blog post published yesterday, CrowdStrike warned that attackers are exploiting the incident to distribute malware. Specifically, they are circulating a malicious zip archive named “crowdstrike-hotfix.zip” containing a loader known as HijackLoader. Once executed, the loader deploys the RemCos remote access trojan (RAT). The Spanish-language filenames and instructions inside the archive suggest that the campaign is aimed at CrowdStrike customers in Latin America.
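The lure described above is a zip archive posing as a vendor hotfix, with a readme telling the victim to run the payload. The following is an added example (not code from the original article or from CrowdStrike) of a static first-pass triage for such an archive: it inspects member names and leading bytes without executing anything, and flags the signals that made this lure recognisable. The sample archive, its member names, the Spanish instruction text and the lure keywords are all constructed here for illustration, not taken from the real sample.

```python
import hashlib
import io
import zipfile

# Member extensions that should not appear in a remediation archive meant for end users.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".lnk", ".msi"}
TEXT_EXTS = {".txt", ".md", ".html", ".htm", ".rtf"}
# Assumed keywords an attacker would pair with the vendor name to make a lure look like a fix.
LURE_WORDS = ("hotfix", "fix", "patch", "update", "remediation")


def _ext(name: str) -> str:
    """Lower-cased final extension including the dot, or '' if there is none."""
    lower = name.lower()
    return "." + lower.rsplit(".", 1)[1] if "." in lower else ""


def build_sample_lure() -> bytes:
    """Constructed stand-in for a lure archive (NOT the real sample): a Spanish
    instruction file, an executable, and a PE file disguised with a data extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("instrucciones.txt",
                    "Ejecute crowdstrike-hotfix.exe para aplicar la correccion.\n")
        # Minimal DOS stub: the 'MZ' magic is all a first-pass triage needs to see.
        zf.writestr("crowdstrike-hotfix.exe", b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 64)
        zf.writestr("datos.dat", b"MZ" + b"\x90" * 128)
    return buf.getvalue()


def triage_archive(data: bytes, declared_name: str) -> dict:
    """Static triage of a zip: never executes anything, only inspects names and
    leading bytes. Returns the archive hash, member list and a list of findings."""
    findings = []
    name = declared_name.lower()
    if "crowdstrike" in name and any(w in name for w in LURE_WORDS):
        findings.append(f"archive name '{declared_name}' imitates a vendor hotfix")

    members, executables = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            members.append(info.filename)
            ext = _ext(info.filename)
            head = zf.read(info.filename)[:2]
            if ext in EXECUTABLE_EXTS:
                executables.append(info.filename)
                findings.append(f"executable member: {info.filename}")
            if head == b"MZ" and ext not in EXECUTABLE_EXTS:
                findings.append(f"PE header under a non-executable name: {info.filename}")
            parts = info.filename.lower().split(".")
            if len(parts) > 2 and "." + parts[-1] in EXECUTABLE_EXTS:
                findings.append(f"double extension: {info.filename}")
        # Lure archives typically ship a readme telling the victim to run the payload.
        for member in members:
            if _ext(member) in TEXT_EXTS:
                text = zf.read(member).decode("utf-8", errors="ignore").lower()
                for exe in executables:
                    if exe.lower() in text:
                        findings.append(f"instructions in {member} direct the user to run {exe}")

    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "members": members,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    report = triage_archive(build_sample_lure(), "crowdstrike-hotfix.zip")
    print(report["sha256"])
    for finding in report["findings"]:
        print(" -", finding)
```

The hash is there so the archive can be looked up or shared as an indicator; the findings are heuristics and will not catch a loader packaged as, say, a signed MSI, so treat a clean result as "nothing obvious", not as safe.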
The blog post further notes, “Following the content update issue, we have identified multiple instances of spoofed CrowdStrike domains. This is the first time we have observed attackers exploiting the Falcon content issue to distribute malicious files, specifically targeting CrowdStrike customers in Latin America.”
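The spoofed domains mentioned in the quote are the other half of this lure: a victim has to fetch the archive from somewhere that looks like the vendor. The block below is an added example (not the article's or CrowdStrike's code) of hunting for brand lookalike domains in proxy logs. It treats `crowdstrike.com` as the only official registrable domain, which is an assumption made for the example; the log lines, the `.example` hostnames and the similarity threshold are all constructed.

```python
import re
from difflib import SequenceMatcher

BRAND = "crowdstrike"
# Assumption for this example: anything under crowdstrike.com is official, nothing else is.
LEGIT_REGISTRABLE = {"crowdstrike.com"}
SIMILARITY_THRESHOLD = 0.8

# Constructed log format: timestamp, client IP, method, URL, status.
LOG_RE = re.compile(r"^\S+ \S+ \S+ https?://([^/\s:]+)")

SAMPLE_PROXY_LOG = [
    "2024-07-20T09:12:01Z 10.0.0.5 GET https://supportportal.crowdstrike.com/s/article/12345 200",
    "2024-07-20T09:15:44Z 10.0.0.9 GET https://crowdstrike-hotfix.example/crowdstrike-hotfix.zip 200",
    "2024-07-20T09:16:02Z 10.0.0.9 GET http://crowdstr1ke.example/update 200",
    "2024-07-20T09:20:30Z 10.0.0.12 GET https://www.example.org/ 200",
]


def registrable_domain(host: str) -> str:
    """Naive 'last two labels' registrable domain. Good enough for .com/.example;
    a production version should use the public suffix list (co.uk, com.br, ...)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_lookalike(host: str):
    """Return a reason string if the host imitates the brand, else None."""
    host = host.lower().rstrip(".")
    if registrable_domain(host) in LEGIT_REGISTRABLE:
        return None
    # Exact brand string in an unofficial domain, e.g. crowdstrike-hotfix.example
    # or crowdstrike.com.example (the brand pushed into a subdomain).
    if BRAND in host:
        return "brand string in unofficial domain"
    # Near-misses such as crowdstr1ke: compare each label to the brand.
    best = max(
        SequenceMatcher(None, label.replace("-", ""), BRAND).ratio()
        for label in host.split(".")
    )
    if best >= SIMILARITY_THRESHOLD:
        return f"label similar to brand (ratio {best:.2f})"
    return None


def scan_proxy_log(lines):
    """Yield (host, reason) for every request to a lookalike domain."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host = m.group(1)
        reason = is_lookalike(host)
        if reason:
            hits.append((host, reason))
    return hits


if __name__ == "__main__":
    for host, reason in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{host}: {reason}")
```

The substring check catches the obvious registrations; the ratio check is what picks up single-character substitutions. Both will produce false positives on legitimate third parties that mention the vendor in a hostname, so the output is a hunting lead, not a block decision.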
CrowdStrike advises users to always work directly with CrowdStrike representatives through official channels and to follow only the guidelines provided by their support team.