Recover From The CrowdStrike Blue Screen of Death (BSOD) in Just 5 Steps
CrowdStrike encountered a major technical issue, resulting in a global IT outage that is affecting businesses, airlines, media outlets, government agencies, and other organisations around the world. If you or your organization has been impacted, follow these five steps to quickly recover from the Blue Screen of Death (BSOD) and minimize downtime.
Step 1: Access Windows Recovery Environment
Step 2: Choose Troubleshoot
On the Recovery screen, click on Troubleshoot.
Step 3: Choose Advanced Options
In the Troubleshoot menu, click on Advanced options.
Step 4: Choose Command Prompt
In the Advanced options menu, click on Command Prompt.
Step 5: Enter the Command
In the Command Prompt window, type one of the following commands and press Enter:
To delete:
del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
To disable:
@echo off
setlocal
REM Define the driver file pattern
set "driver_pattern=C-00000291*.sys"
REM Define the target directory
set "target_dir=C:\Windows\System32\drivers\CrowdStrike"
REM Change to the target directory
cd /d "%target_dir%" || (
echo Failed to change directory to %target_dir%
goto :error
)
REM Find the driver file
for %%f in (%driver_pattern%) do (
set "driver_file=%%f"
goto :found
)
echo No driver file matching %driver_pattern% found.
goto :error
:found
REM Derive the service name by stripping the .sys extension. This assumes a service with exactly that name is registered; if it is not, sc config fails and the script exits without rebooting.
set "driver_name=%driver_file:~0,-4%"
REM Disable the driver
sc config %driver_name% start= disabled || (
echo Failed to disable the driver %driver_name%
goto :error
)
echo Successfully disabled the driver %driver_name%
REM Reboot the system
shutdown /r /t 0
goto :eof
:error
echo An error occurred. Exiting without reboot.
endlocal
pause
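The delete command above hard-codes C:, but in the recovery environment the Windows volume can be mounted under a different letter or still be locked by BitLocker. The batch script below is an added example, not part of the original article or of CrowdStrike's guidance; it assumes it is run from the WinRE Command Prompt, and the drive letter and recovery key in its hint text are placeholders.

```batch
@echo off
setlocal
REM Added example. Assumption: run from the WinRE Command Prompt, where the
REM installed Windows volume is not guaranteed to be mounted as C:.
set "rel=Windows\System32\drivers\CrowdStrike"
set "pattern=C-00000291*.sys"
set "found="
set "answer="

REM Probe candidate drive letters for a readable CrowdStrike driver directory.
REM A BitLocker-locked volume has a letter but its folders cannot be read.
for %%d in (C D E F G H) do (
    if not defined found if exist "%%d:\%rel%\" set "found=%%d:"
)
if not defined found (
    echo No readable volume contains \%rel%
    echo If the disk is BitLocker-encrypted, unlock it first, for example:
    echo   manage-bde -status
    echo   manage-bde -unlock DRIVE: -RecoveryPassword YOUR-48-DIGIT-KEY
    exit /b 1
)

REM List the matching files so the operator sees exactly what will be removed.
echo Matching files on %found%
dir /b "%found%\%rel%\%pattern%" 2>nul || (
    echo None found. Nothing to delete.
    exit /b 0
)

REM Require explicit confirmation before deleting anything.
set /p "answer=Delete these files? [y/N] "
if /i not "%answer%"=="y" (
    echo Aborted. No files were changed.
    exit /b 2
)
del /f "%found%\%rel%\%pattern%"

REM del does not reliably set an error code, so check the result directly.
if exist "%found%\%rel%\%pattern%" (
    echo Some matching files are still present.
    exit /b 3
)
echo Deleted. Exit the prompt and restart normally.
exit /b 0
```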
The current global IT outage caused by CrowdStrike's technical issue has had widespread effects, disrupting operations across various sectors including businesses, airlines, media outlets, and government agencies. If you or your organization is among those impacted, it's crucial to take immediate action to mitigate the effects, restore functionality and minimize downtime.
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
6mo
This only works if the disk is not encrypted. If so, the recovery key needs to be obtained first. BitLocker can be a tricky one, especially if recovery keys are in Azure, and organizations are still trying to recover from the massive outage of Azure since yesterday evening :P But this should be good for a lot of people. Challenges for payment terminals and cashier stuff too :P