| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
The article mentions that Merck, a U.S.-based pharmaceutical giant, was affected by a cyberattack involving ransomware. This incident was similar to a massive ransomware attack last month that deployed a virus dubbed WannaCry [60383].
(b) The software failure incident having happened again at multiple_organization:
The article also reports that DLA Piper, a multinational law firm with an office in Washington, was hit by the same ransomware attack [60383]. This indicates that the software failure incident affected multiple organizations. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the article where it mentions that the ransomware attack on Merck was similar to a massive ransomware attack last month that deployed a virus dubbed WannaCry. This indicates a vulnerability in the design or system development that allowed for such attacks to occur [60383].
(b) The software failure incident related to the operation phase is evident in the article where it describes how Merck employees arrived at their offices only to find a ransomware note on their computers, leading to the shutdown of the whole network site. This indicates a failure in operation or the misuse of the system that allowed the ransomware to take effect [60383]. |
| Boundary (Internal/External) |
outside_system |
The software failure incident involving Merck and DLA Piper was primarily due to contributing factors that originated from outside the system. The incident was a result of a sprawling cyberattack that hit multiple businesses, including Merck and DLA Piper, with demands for ransom in exchange for unlocking their computer networks [60383]. The attack utilized a virus similar to Petrwrap or Petya, which exploited a vulnerability discovered years ago by the National Security Agency [60383]. This external cyberattack led to the ransomware note appearing on computers within the affected organizations, causing widespread network disruptions and data access issues [60383]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the articles was primarily due to non-human actions, specifically a cyberattack involving ransomware. The incident involved a widespread intrusion that hit Merck, a pharmaceutical giant, and other businesses, locking down their computer networks and demanding ransom for access [60383].
(b) Human actions also played a role in the software failure incident as employees at Merck arrived at their offices to find ransomware notes on their computers. The response to the incident involved human actions such as informing employees over a public address system, spreading information via cellphones, and making decisions on whether to report to work [60383]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident at Merck and DLA Piper was primarily due to hardware issues. Employees at Merck arrived at their offices to find a ransomware note on their computers, and some had their hardware wiped, leading to the shutdown of the whole network site [60383]. This indicates that the failure originated from hardware being affected by the ransomware attack.
(b) The software failure incident was also caused by software vulnerabilities. The attack utilized a virus similar to Petrwrap or Petya, which exploits a vulnerability discovered years ago by the National Security Agency [60383]. This highlights that the software itself was vulnerable to such attacks, leading to the software failure incident. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles is malicious in nature. The incident involved a ransomware attack on Merck, a pharmaceutical giant, where the attackers locked down the company's computer networks and demanded a ransom for their release. The attack was similar to the WannaCry ransomware attack and utilized a virus known as Petrwrap or Petya. The attackers' objective was to extort money from the victims by encrypting their files and demanding payment for decryption keys [60383]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
The software failure incident involving Merck and DLA Piper was a result of poor decisions. The incident was a sprawling cyberattack that involved ransomware, where the attackers demanded payment to release locked computer networks [60383]. The attack exploited a vulnerability discovered by the National Security Agency, highlighting the need for companies to have a response plan and policy regarding ransomware [60383]. The decision to pay the ransom was also discussed, with concerns raised about dealing with criminals and the ethical implications of funding further attacks [60383]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence can be seen in the article as Merck, a U.S.-based pharmaceutical giant, was affected by a sprawling cyberattack involving ransomware. The attack locked down the company's computer networks, leading to employees finding ransomware notes on their computers and having their hardware wiped, causing the whole network site to shut down [60383].
(b) The software failure incident related to accidental factors can be observed in the article as the ransomware attack on Merck and other businesses was not intentionally caused by the companies themselves but rather by external cybercriminals deploying the ransomware virus [60383]. |
| Duration |
temporary |
The software failure incident reported in the articles is temporary. The incident involved a ransomware attack that locked down Merck's computer networks; employees found ransomware notes on their computers and were instructed to go home as the network was compromised [60383]. This indicates that the failure was due to specific circumstances introduced by the cyberattack and not a permanent failure affecting all circumstances. |
| Behaviour |
crash, omission, other |
(a) crash: The software failure incident related to the ransomware attack on Merck resulted in the system losing state and not performing any of its intended functions. Employees arrived at their offices to find a ransomware note on their computers, and the network was shut down, forcing employees to go home as their computers were rendered inaccessible [60383].
(b) omission: The ransomware attack on Merck led to the system omitting to perform its intended functions at an instance. Employees were unable to work as their instruments were connected to computers, data was stored on central servers, and critical information tied to drug research could potentially be lost due to the attack [60383].
(c) timing: The software failure incident did not involve a timing-related failure as the system was not performing its intended functions too late or too early.
(d) value: The ransomware attack on Merck did not result in the system performing its intended functions incorrectly.
(e) byzantine: The software failure incident did not exhibit byzantine behavior with inconsistent responses and interactions.
(f) other: The behavior of the software failure incident was primarily characterized by a crash and omission, as the system lost state, did not perform its intended functions, and omitted critical functions due to the ransomware attack [60383]. |