News / Ports hit by Microsoft outage as supply chain operators fear a rerun of NotPetya

© Donvictorio

*The original story has been edited to include updates from Peel Ports*

The ports of Felixstowe and Tilbury have all been confirmed to be suffering from major IT outages preventing landside operations this morning. Destin8, a UK port community system shared between them, also incorporates the Port of Harwich and London Thamesport and Great Yarmouth.

A similar problem was reported at Poland’s Baltic Hub, formerly known as DCT Gdansk, which has reportedly requested customers to send containers its gates while it enacts contingency plans.

In a customer advisory, UK forwarder Woodland Group said a number of ports had been affected, “amongst them is the port of Felixstowe, where the  processing, collecting and delivering of trailers is currently not possible while the Destin8 Port Community System that enables all sections of the maritime industry to facilitate the movement of cargo is also unavailable”.

Peel Ports told The Loadstar: “The Port of Liverpool’s connectivity to the Destin8 community messaging system was temporarily interrupted for a couple of hours early this morning, but this was fully restored by 9.45am.”

The chaos has been traced back to a faulty update in a piece of Microsoft cyber-security software designed to protect cloud networks, authored by Texas firm Crowdstrike.

The system pushes cyber-security updates to computers and server systems around the world, meaning that users logging on this morning have been presented with the dreaded ‘blue screen of death (BSOD),’ usually the fault of a major hardware failure.

The Texas firm says that the error is related to its Falcon Sensor product, and is working to revert back to a working update.

The problem is global, with affected users unable to reboot their systems in many cases, while banks have been unable to make payments. The London Stock Exchange has been unable to process trades this morning, and reports from around the world have airline staff hand-writing boarding cards for customers. Land-side operations at various shipping companies are also being affected.

A workaround for the problem posted on Twitter by a Crowdstrike employee are as follows:

1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching “C-00000291*.sys”
4. Boot normally.

However, concern is that with so many systems malfunctioning, crippled systems are unable to receive new updates, meaning that Microsoft cannot initiate a fix on a global scale.

Instead, the fix will need to be applied to every individual workstation to restore functionality, which could take weeks, posing a similar scenario to the one suffered by Maersk after the NotPetya ransomware attack of 2017, vaunted as the ‘most destructive cyberattack in history’ by tech publication Wired. Given the number of affected industries and the enormous number of affected systems, however, this outage may turn out to be more economically destructive than any of the major and much-feared cyberattacks Crowdstrike software is written to prevent.