Incident: Ransomware Attack on Lake City, Florida Government Systems

Published Date: 2019-06-27

Postmortem Analysis
Timeline
1. The software failure incident in Lake City, Florida, happened in June 2019 as per the article published on June 27, 2019 [85970].

System
1. City of Lake City, Fla.'s computer systems
2. Email systems
3. Online utility payment systems
4. Phone lines
5. Malware known as "Triple Threat"
6. Ransomware variant "Ryuk"

Responsible Organization
1. Hackers were responsible for causing the software failure incident in Lake City, Florida [85970].

Impacted Organization
1. The government of Lake City, Fla. [85970]
2. City officials in Baltimore [85970]
3. Police departments in Illinois, Maine, Massachusetts, and Tennessee [85970]
4. City of Atlanta [85970]

Software Causes
1. The software failure incident in Lake City, Florida was caused by a ransomware attack that infected the city's computers after an employee clicked on a malicious email [85970].
2. The ransomware program identified as "Triple Threat" affected the city's computer systems, leading to their paralysis [85970].
3. The ransomware strain involved in the attack was identified as "Ryuk," which encrypted the city's data and demanded a ransom for decryption [85970].

Non-software Causes
1. Lack of adequate cybersecurity measures in place to prevent cyberattacks [85970]
2. Employee clicking on a malicious email, leading to the infection of the city's computers with ransomware [85970]
3. Insufficient communication channels between security experts and victims to decrypt ransomware [85970]

Impacts
1. The software failure incident in Lake City, Florida, resulted in the paralysis of the city's computer systems due to a ransomware attack, leading to the disabling of phone lines, email services, and online utility payments [85970].
2. The city had to pay a ransom of 42 Bitcoin (approximately $460,000) to the hackers to regain access to their data and systems, with the majority of the payment covered by insurance [85970].
3. The incident highlighted the vulnerability of public sector entities to cyberattacks, with limited budgets for cybersecurity defense, leading to an increase in ransom demands by attackers [85970].
4. The attack also led to the firing of an employee who was deemed to have not done enough to protect the city's computer systems from such intrusions, emphasizing the importance of robust cybersecurity measures [85970].

Preventions
1. Implementing robust cybersecurity measures such as regular security audits, employee training on recognizing phishing emails, and ensuring all software is up to date to prevent vulnerabilities that can be exploited by malware like ransomware [85970].
2. Creating and regularly testing a comprehensive backup system to ensure that critical data can be restored in case of a ransomware attack, reducing the need to pay hackers for decryption keys [85970].
3. Enhancing communication and collaboration channels between security experts, law enforcement agencies, and local officials to share information about cyberattacks in real-time, exchange decryption techniques, and track down attackers' command and control servers [85970].

Fixes
1. Enhancing cybersecurity measures and training for employees to prevent future malware infections like ransomware [85970].
2. Implementing regular software updates and patches to address vulnerabilities that could be exploited by attackers [85970].
3. Developing robust backup systems to ensure data can be recovered in case of a ransomware attack [85970].
4. Establishing communication channels with security experts and law enforcement to aid in decryption efforts and potential cyberattack investigations [85970].

References
1. Mayor Stephen Witt
2. FBI
3. Eric Hartwell, deputy general counsel and insurance counsel for the Florida League of Cities
4. Brett Callow, spokesman at Emsisoft

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- The article mentions that the city of Lake City, Florida, was the second city to agree to a large ransom in two weeks, with Riviera Beach in Florida's Palm Beach County having signed off on an extraordinary $600,000 payment the week before [85970].
- Additionally, the article highlights that a third Florida city, Key Biscayne, also reported being the victim of a cyberattack around the same time [85970].
(b) The software failure incident having happened again at multiple_organization:
- The article discusses how ransomware has become a digital epidemic for the public sector, with various police departments in Illinois, Maine, Massachusetts, and Tennessee opting to pay ransom demands to retrieve their data [85970].
- It also mentions other cities like Baltimore and Atlanta facing similarly crippling breaches due to ransomware attacks [85970].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident in Lake City, Florida, was primarily due to a design-related factor introduced during the system development phase. The incident occurred when an employee clicked on a malicious email, which infected the city's computers with ransomware known as "Triple Threat" [85970]. This design flaw in the system's security allowed the ransomware to infiltrate the network, leading to the paralysis of the city's computer systems.
(b) Additionally, the operation of the system played a role in the software failure incident. The ransomware attack was initiated when an employee clicked on the malicious email, indicating a failure in the operation or misuse of the system [85970]. The incident highlights the importance of user awareness and proper operational procedures to prevent such attacks.

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident in Lake City, Florida, was caused by an employee clicking on a malicious email, which infected the city's computers with ransomware known as "Triple Threat" [85970]. This internal action led to the paralysis of the city's computer systems, affecting various operations within the city. Additionally, the ransomware attack impacted everything except for Lake City's police and fire departments, which were on a separate server, highlighting the internal nature of the failure [85970].

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident in Lake City, Florida, was caused by a ransomware attack initiated by hackers. The attack disabled the city's computer systems, including phone lines, email, and online utility payments [85970]. The ransomware, identified as "Triple Threat," infected the city's computers when an employee clicked on a malicious email [85970]. This non-human action led to the encryption of the city's data, requiring a ransom payment to potentially recover the information.
(b) Human actions also played a role in the software failure incident. The article mentions that an employee who did not do enough to protect the computer systems from intrusion was fired by Lake City [85970]. Additionally, the decision to negotiate with the insurance carrier and ultimately pay the hackers the ransom was made by city leaders, reflecting human actions in response to the cyberattack.

Category: Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident in Lake City, Florida, was not attributed to hardware issues but rather to a cyberattack involving ransomware. The attack began when an employee clicked on a malicious email, infecting the city's computers with ransomware known as "Triple Threat" [85970].
(b) The software failure incident in Lake City, Florida, was directly related to software issues caused by the ransomware attack. The ransomware, identified as a variant of the malware strain "Ryuk," affected the city's computer systems, leading to the paralysis of various services such as phone lines, email, and online utility payments [85970].

Category: Objective (Malicious/Non-malicious)
Option: malicious, non-malicious
Rationale:
(a) The software failure incident in Lake City, Florida, was malicious in nature. It was a cyberattack launched by hackers who disabled the city's computer systems through a ransomware attack [85970]. The attackers demanded a ransom in Bitcoin, and the city ultimately had to pay to regain access to their systems. The attack was initiated when an employee clicked on a malicious email, leading to the infection of the city's computers with ransomware [85970].
(b) The software failure incident was non-malicious in the sense that the employee who clicked on the malicious email was not intentionally trying to harm the system. Additionally, the city's decision to negotiate with its insurance carrier to make the ransom payment can be seen as a non-malicious response to the attack, aimed at restoring the city's systems and services [85970].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions, accidental_decisions
Rationale:
(a) The intent of the software failure incident related to poor_decisions:
- The city leaders of Lake City, Florida, reluctantly approved paying the hackers the ransom they demanded, which was 42 Bitcoin or about $460,000, as it was deemed the right decision financially for the citizens despite the FBI's recommendation against it [85970].
- The ransomware attack on Lake City began when an employee clicked on a malicious email, indicating a potential lack of proper cybersecurity training or protocols within the organization [85970].
(b) The intent of the software failure incident related to accidental_decisions:
- The ransomware attack on Lake City was initiated when an employee accidentally clicked on a malicious email, leading to the infection of the city's computers with ransomware [85970].

Category: Capability (Incompetence/Accidental)
Option: accidental
Rationale:
(a) The software failure incident in Lake City, Florida, was not attributed to development incompetence but rather to a cyberattack by hackers who launched a ransomware attack by tricking an employee into clicking on a malicious email [85970].
(b) The software failure incident in Lake City, Florida, was accidental in the sense that an employee inadvertently clicked on a malicious email, which led to the infection of the city's computers with ransomware. This accidental action triggered the cyberattack that paralyzed the city's computer systems [85970].

Category: Duration
Option: temporary
Rationale:
(a) The software failure incident in Lake City, Florida, due to a ransomware attack was temporary. The incident paralyzed the city's computer systems, including phone lines, email, and online utility payments. The attack began on June 10 when an employee clicked on a malicious email, infecting the city's computers with ransomware. The city's information technology staff made strides in restoring systems after paying the ransom, indicating a temporary disruption [85970].
(b) The software failure incident in Lake City, Florida, was not permanent as the city's information technology staff had already been making progress in recovering the systems after paying the ransom. Additionally, the article mentions that there is a chance Lake City could have decrypted the ransomware on its own, as security experts have successfully unscrambled similar ransomware strains in 3 to 5 percent of cases [85970].

Category: Behaviour
Option: crash, omission, value, byzantine, other
Rationale:
(a) crash: The software failure incident in Lake City, Florida, was due to a ransomware attack that disabled the city's computer systems, leading to a system crash where the computers were paralyzed and unable to perform their intended functions [85970].
(b) omission: The ransomware attack resulted in the omission of performing various functions by the city's computer systems, such as disrupting phone lines, email services, and online utility payments [85970].
(c) timing: The timing of the software failure incident was crucial as the attack occurred on June 10, and the city faced challenges in restoring its systems promptly, leading to the decision to pay the ransom to expedite the recovery process [85970].
(d) value: The software failure incident resulted in the system performing its intended functions incorrectly, as the ransomware attack encrypted the city's data and demanded a ransom for its release [85970].
(e) byzantine: The ransomware attack can be considered a form of Byzantine failure, where the attackers behaved erroneously by demanding a ransom in exchange for decrypting the city's data, showcasing inconsistent and malicious interactions with the city's computer systems [85970].
(f) other: The software failure incident also involved the behavior of the system being vulnerable to malicious emails, leading to the initial infection with ransomware, highlighting a security flaw in the system's defenses against external threats [85970].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: property
Rationale:
(d) Property: People's material goods, money, or data was impacted due to the software failure. The software failure incident in Lake City, Florida, involved a ransomware attack that disabled the city's computer systems, leading to the paralysis of various services such as phone lines, email, and online utility payments [85970]. The attackers demanded a ransom of 42 Bitcoin (approximately $460,000) to restore access to the city's data and systems. Ultimately, the city leaders reluctantly approved paying the ransom, with the majority of the payment covered by insurance [85970]. The incident highlights how software failures, in this case, due to a cyberattack, can have significant financial consequences for individuals and organizations, impacting their property in the form of data and monetary losses.

Category: Domain
Option: government
Rationale:
The software failure incident reported in the news article [85970] was related to the government sector. Specifically, the incident affected the government of Lake City, Florida, where hackers launched a cyberattack that disabled the city's computer systems. The attack paralyzed various systems, including phone lines, email services, and online utility payments within the government infrastructure. The incident highlights the vulnerability of public sector entities, such as government offices, to cyber threats like ransomware attacks. Additionally, the article mentions other government entities that have faced similar cyberattacks, such as police departments in Illinois, Maine, Massachusetts, and Tennessee, as well as larger cities like Baltimore and Atlanta. Therefore, the industry that the failed system was intended to support is the government sector (l).
