
CrowdStrike Software Update Triggers Global Outage


Editor's note: For remediation guidance and updates on how the cyber insurance industry is responding to the CrowdStrike outage, please read our latest blog post from Coalition CEO Joshua Motta.


A defective software update from cybersecurity vendor CrowdStrike prompted a global computer outage impacting airports, banks, and other businesses running Microsoft Windows operating systems.

Coalition became aware of the issue late Thursday evening PT on July 18 after CrowdStrike first deployed the software update. In the hours that followed, impacted businesses experienced a “blue screen of death” error that prevented machines running Windows from booting out of the restart state.

CrowdStrike has since provided a statement on the matter, noting “issue has been identified, isolated and a fix has been deployed.” Importantly, the cybersecurity vendor has reiterated that this is not a security incident or cyber attack.

By Friday morning, fallout from the outage was reported around the world with instances of disruption for 911 operators, system outages for federal agencies, and major airlines being forced to ground planes.

Remain vigilant about social engineering attacks

Threat actors often try to take advantage of major outages to deploy social engineering attacks or convince businesses to run commands that appear benign but can lead to a ransomware event. These groups may pose as CrowdStrike employees in an attempt to gain sensitive information, such as usernames and passwords.

During times of widespread confusion, businesses and cybersecurity defenders must remain on high alert. We recommend verifying the identity of any representative reaching out to your team on behalf of CrowdStrike, Microsoft, or any other IT vendor, and following instructions only from a verified party.

Coalition recommends following direct guidance provided by technology vendors, including CrowdStrike, Microsoft, and Amazon Web Services.

CrowdStrike recommendations

Following crashes on Windows hosts related to the Falcon Sensor, CrowdStrike reverted changes from its content update, noting Mac and Linux hosts are not impacted. Businesses that are still crashing and unable to stay online can follow recommendations from CrowdStrike to work around this issue.

Microsoft recommendations

Microsoft’s official statement indicates that “several reboots” may be required for businesses to address the issue but that “reboots are an effective troubleshooting step at this stage.”

AWS recommendations

AWS has acknowledged the widespread outage and stated it has “taken steps to mitigate the issue for as many Windows instances, Windows Workspaces and Appstream 2.0 Applications as possible.” Customers that are still impacted are advised to take additional action to restore connectivity.

Coalition available to provide additional support

The Coalition Security Support Center team is available to policyholders who have questions or need additional guidance on system restoration. For direct support, please email securitysupport@coalitioninc.com.


This blog post is designed to provide general information on the topic presented and is not to be construed as the rendering of legal or other professional services of any kind. If legal or other professional advice is required, the services of a professional should be sought. The views and opinions expressed as part of this blog post do not necessarily state or reflect those of Coalition. Neither Coalition nor any of its employees makes any warranty of any kind, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. The blog post may include links to other third-party websites. These links are provided as a convenience only. Coalition does not endorse, have control over, or assume responsibility or liability for the content, privacy policy or practices of any such third-party websites.