When the "blue screen of death" is really capable of killing…
The UK is facing a major challenge in the healthcare system due to a global failure of Windows-based IT systems caused by CrowdStrike's Falcon Sensor update.
Earlier, we reported that a massive failure affected many organizations in dozens of countries where CrowdStrike's information security solutions were used. Because of the cyclical "blue screens of death" (BSOD), many TV channels were forced to interrupt their broadcasts, and some exchanges had to stop trading. Dozens of airports canceled or postponed flights en masse because they could not check in passengers.
The global disruption may have frayed the nerves of hundreds of thousands of people, but the most serious consequence of this incident is undoubtedly the problems in medical systems, and in particular in the British Varian system used for radiotherapy of cancer patients.
The Royal Surrey Trust, one of the clients of Varian Medical Systems, said today that due to the global Windows outage, morning treatment sessions for cancer patients were canceled.
Later, radiotherapy services were restored, but the situation itself is out of the ordinary: people with cancer could not receive planned treatment. This is very serious. And despite the resumption of operation of Varian systems, it is expected that some interruptions in the operation of medical equipment will continue next week.
Varian is the second-largest UK system affected by the crash caused by the CrowdStrike update. The first system, EMIS, is used by most general practitioners in the UK.
Several NHS trusts in the UK, including Barking, Havering and Redbridge University Hospitals, East and North Hertfordshire NHS Trust and Beatson West of Scotland Cancer Centre, have publicly confirmed the use of Varian equipment. Specialists from these institutions confirmed that Varian systems are still in operation, but management is now determining the full extent of the incident's impact.
Today's global IT failure has already been called one of the most serious in history. It was caused by files matching the mask "C-00000291*.sys", located in "C:\Windows\System32\drivers\CrowdStrike" and delivered via Falcon Scanner updates. According to information security expert Kevin Beaumont, these files were incorrectly formatted and caused the top-level CrowdStrike driver to crash.
Despite the extremely serious consequences, the incident cannot be classified as a cyberattack, as it was not malicious in nature. CrowdStrike experts quickly suspended the deployment of updates when they learned about the crash, and then also quickly released a fix.
However, computers already affected by the crash are likely to take a long and tedious time to restore manually, as the "blue screen of death" appears immediately after Windows boots up. Recovery is not possible without entering safe mode and manually deleting the problematic files.
This measure is not a big problem for small organizations, but for corporations with fleets of thousands of computers the scale of the restoration work approaches a disaster. A full recovery of all affected systems may therefore take several days or more.
Recall that the digital collapse, fortunately, bypassed Russia, since CrowdStrike's information security solutions are practically not used in our country.
Source