Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- The software failure incident involving a ransomware attack on the Matanuska-Susitna borough in Alaska occurred in 2018 [73774].
- The incident involved malware infecting the computer systems of the borough, encrypting data, and disrupting various services.
- The attack affected desktop computers, email servers, telephone systems, door entry card systems, and back-up data.
- The ransomware attack spread on 24 July, but it was suspected to have been dormant in the systems since May.
- The incident led to the temporary use of typewriters for tasks and the loss of some data, including unrecoverable email data.
- The borough incurred significant costs due to the incident and had to rebuild affected systems and recover data [73774].
(b) The software failure incident having happened again at multiple_organization:
- The article mentions that ransomware outbreaks have occurred worldwide, causing temporary shutdowns in hospitals, halting production in factories, disrupting operations at major ports, and causing chaos in offices [80136].
- Ransomware attacks have cost companies several billion dollars annually, indicating a widespread and recurring issue across various organizations.
- The incident in Matanuska-Susitna, Alaska, is highlighted as part of a larger trend of ransomware attacks affecting communities and businesses that rely heavily on computer systems for their operations [80136].
- The incident in Matanuska-Susitna is described as unsettlingly common, suggesting that similar attacks have occurred in other communities and businesses reliant on computer technology [80136]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase:
- The software failure incident in Matanuska-Susitna, Alaska, was caused by a ransomware attack that encrypted the borough's email server, internal systems, disaster recovery servers, telephone system, and door entry card system [73774, 80136].
- The ransomware attack was able to spread and infect the borough's systems due to missed elements of the malware by the anti-virus software, allowing it to spread within the network [73774].
- Investigators found evidence that the malware had been on the borough's systems since May, indicating a potential design flaw or vulnerability that allowed the malware to remain undetected for an extended period [80136].
(b) The software failure incident related to the operation phase:
- The ransomware attack disrupted a wide range of services in Matanuska-Susitna, including locking out hundreds of employees from their workstations, disrupting services at local libraries, affecting the animal shelter's ability to access data on medications, and causing issues with online booking systems [80136].
- Staff had to resort to using typewriters, pen and ink, and temporary webmail services as a result of the attack, showcasing the operational impact of the software failure incident [80136].
- The incident led to significant operational challenges, such as the need to disconnect all computers and printers in libraries, slowing down various functions of the borough, and impeding communication and service delivery across different departments [80136]. |
Boundary (Internal/External) |
within_system |
(a) The software failure incident reported in the articles was primarily within the system. The failure was caused by ransomware infecting the computer systems of the Matanuska-Susitna borough in Alaska. The malware encrypted the email server, internal systems, disaster recovery servers, desktop computers, and computer servers within the borough's network [73774, 80136]. The ransomware attack spread within the system, affecting various services and disrupting operations across different departments within the borough [80136]. The incident involved the unintentional triggering of a larger or second stage attack when the IT department attempted to defend against the malware, leading to further spread and file encryption demands [80136]. The malware was found to have been dormant in the systems since May, indicating an internal origin of the attack [80136]. The recovery efforts involved extensive cleaning of infected devices and systems within the borough's network [80136]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- The software failure incident in the Matanuska-Susitna borough of Alaska was caused by a ransomware attack that infected their computer systems, encrypting email servers, internal systems, and disaster recovery servers [73774].
- The ransomware attack spread on 24 July, but it was suspected to have been dormant in the systems since May, indicating that the malware was introduced without direct human participation at the time of the attack [73774].
- The malware encrypted data and demanded a fee for restoration, indicating that the failure was initiated by the malicious software without direct human intervention [73774].
- The malware spread to various systems within the borough, affecting desktop computers, email servers, telephone systems, and door entry card systems, showcasing the automated nature of the attack [73774].
- The incident involved the unintentional triggering of a larger or second stage attack when the IT team attempted to defend against the malware, suggesting a chain reaction caused by the malware itself rather than human actions [80136].
(b) The software failure incident occurring due to human actions:
- The malware attack on the Matanuska-Susitna borough was suspected to have started with a targeted phishing attack, where an organisation working with the borough was compromised, allowing the malware to be sent through a malicious email to a Mat-Su employee [80136].
- The malware creators used social engineering tactics to trick individuals into clicking on links or downloading attachments, leading to the spread of the malware within the network, indicating a level of human involvement in the initial introduction of the malware [80136].
- The incident highlighted the importance of cybersecurity awareness and training to prevent employees from falling victim to phishing attacks and inadvertently introducing malware into the system [80136]. |
Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The software failure incident in Matanuska-Susitna, Alaska, was primarily caused by a cyber-attack involving ransomware that infected the computer systems of the borough. This attack led to the encryption of email servers, internal systems, disaster recovery servers, telephone systems, and door entry card systems [73774, 80136].
- The malware attack affected nearly all of the 500 desktop computers running Windows 7 and 10, as well as 120 computer servers in the borough [73774].
- The incident resulted in the impounding of over 700 devices, including printers and computers, for checking and scrubbing to remove the malware [80136].
- The attack disrupted various services and activities in the borough, such as employees being locked out of their workstations, libraries having to turn off public PCs, and the animal shelter losing access to data on medications for animals [80136].
- The malware attack also impacted the online booking system for swimming lessons, land registry data access for estate agents, and communication channels for library services [80136].
(b) The software failure incident occurring due to software:
- The ransomware attack that hit Matanuska-Susitna was a result of malicious computer software encrypting or scrambling data and demanding a fee for restoration [73774].
- The malware was able to spread within the borough's systems due to missed elements by the anti-virus software, allowing it to infect various devices and servers [73774].
- The incident involved a targeted phishing attack where an employee received a malicious email containing the malware, which then spread across the network [80136].
- The malware creators used tactics like cloaking the attack within seemingly innocuous messages to increase the chances of users clicking on links or downloading attachments that spread the malware [80136].
- The recovery process involved a dedicated team gradually bringing back the affected services online over a period of 10 weeks, indicating the software failure's complexity and impact [80136]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles was malicious in nature. It was a cyber-attack involving ransomware that infected the computer systems of the Matanuska-Susitna borough in Alaska. The malware encrypted data and demanded a fee for restoration, affecting various systems including desktop computers, email servers, telephone systems, and door entry card systems [73774, 80136]. The attack was sophisticated and targeted, with evidence suggesting it may have originated from a targeted phishing attack that compromised an organization working with the borough, leading to the spread of malware through malicious emails [80136].
Additionally, the incident resulted in significant disruptions to various services, such as employees being locked out of their workstations, libraries having to disconnect computers and printers, animal shelters losing access to medication data, and online booking systems going down [80136]. The attack caused financial losses exceeding $2 million and impacted the daily operations of the borough, highlighting the malicious intent behind the software failure incident [80136]. |
Intent (Poor/Accidental Decisions) |
accidental_decisions |
(a) The software failure incident stemmed not from poor decisions but from an accidental decision. The incident in Matanuska-Susitna, Alaska, was caused by a malware attack that spread across the borough's computer networks, disrupting various services [80136]. The attack was initiated through a targeted phishing attack, where an organisation working with the borough was compromised, allowing someone to send a malicious email containing the malware to a Mat-Su employee [80136]. This accidental decision to click on the malicious email led to the spread of the ransomware throughout the borough's systems, causing significant disruptions and financial losses [80136]. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in the Alaskan borough of Matanuska-Susitna was primarily due to development incompetence. The incident was caused by a ransomware attack that infected the borough's computer systems, encrypting data and disrupting various services. The malware had been dormant in the systems since May, indicating a lack of effective detection and prevention measures [73774, 80136].
(b) Additionally, the accidental aspect of the failure can be seen in how the initial response to the malware attack triggered unintended consequences, leading to a larger spread of the attack and further locking down of employees' files. This unintended response highlighted the complexity and unpredictability of dealing with cyber-attacks, showcasing accidental factors contributing to the incident [80136]. |
Duration |
temporary |
The software failure incident reported in the articles was temporary. The incident involved a ransomware attack that infected the computer systems of the Matanuska-Susitna borough in Alaska, causing disruptions to various services and operations. The incident began in July 2018 and the borough was still trying to recover from the attack months later [80136]. The malware attack led to the temporary shutdown of systems, loss of access to data, disruption of services like online booking systems and communication channels, and the need to resort to manual processes such as using typewriters [73774, 80136]. The incident required extensive efforts to clean the infected systems, recover data, and gradually bring affected services back online over a period of 10 weeks [80136]. |
Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident described in the articles can be categorized as a crash. This is evident from the fact that the ransomware attack on the Matanuska-Susitna borough in Alaska caused significant disruption to the computer systems, leading to the loss of access to various services and data for employees and residents. The incident resulted in the borough's infrastructure being knocked offline, with employees locked out of their workstations, disruption of services like online booking systems for swimming lessons, and the need to resort to using typewriters for tasks [73774, 80136].
(b) omission: The software failure incident can also be classified as an omission. This is seen in the disruption caused by the malware attack, where the system omitted to perform its intended functions at various instances. For example, the incident led to the loss of access to data on medications at the animal shelter, disruption of online booking systems, inability to update the website with photos of animals up for adoption, and the inability to place books on hold at libraries [80136].
(c) timing: The timing of the software failure incident can be considered as a factor in the overall impact. While the system may have initially been infected with the ransomware in May, the attack spread and caused significant disruption starting in July 2018. The incident occurred suddenly, catching the borough employees off guard and leading to a rapid response to mitigate the effects of the attack [80136].
(d) value: The software failure incident can be linked to the value category as well. This is evident from the fact that the malware attack encrypted or scrambled data on the borough's systems, demanding a fee for its restoration. The incident resulted in the loss of access to critical data, affecting services like the animal shelter's ability to charge for services, the inability to update the website with adoption information, and disruption in various administrative functions [73774, 80136].
(e) byzantine: The software failure incident does not align with the byzantine behavior category, as there is no mention of inconsistent responses or interactions in the articles.
(f) other: The software failure incident can be further categorized under the "other" behavior due to the unique aspects of the attack. The incident involved a ransomware attack that not only encrypted data but also spread across various systems, affecting desktop computers, email servers, telephone systems, and door entry card systems. The attack was sophisticated, with elements of the malware going undetected by anti-virus software, leading to a widespread impact on the borough's operations [73774, 80136]. |