Incident: University of Maastricht Pays Ransom After Ransomware Attack.

Published Date: 2020-02-05

Postmortem Analysis
Timeline
1. The software failure incident at the University of Maastricht happened on December 24, as mentioned in Article [95993]. Therefore, the software failure incident occurred on December 24, 2019.

System
The software failure incident at the University of Maastricht involved the following systems/components:
1. Email system
2. Computers
3. IT network
These systems failed due to a ransomware attack that encrypted the university's computer systems, including email and computers, leading to the payment of a ransom to unblock the systems [95993].

Responsible Organization
1. TA505, a Russian-speaking criminal group [95993]

Impacted Organization
1. The University of Maastricht [95993]

Software Causes
1. Phishing email leading to a breach in the system [95993]

Non-software Causes
1. Phishing email clicked by an unidentified staff member [95993]

Impacts
1. The University of Maastricht paid hackers a ransom of 30 bitcoin, equivalent to 200,000 euros, to unblock its computer systems, including email and computers, after the ransomware attack [95993].
2. The ransomware attack disrupted the university's operations, affecting the work of students, scientists, and staff, as well as the continuity of the institution [95993].
3. The alternative to paying the ransom would have been to rebuild the entire IT network from scratch, indicating a significant impact on the university's IT infrastructure [95993].
4. The initial breach occurred when an unidentified staff member clicked on a phishing email a month earlier, highlighting the human factor in contributing to the software failure incident [95993].

Preventions
1. Implementing regular cybersecurity training for staff to recognize and avoid phishing emails could have prevented the initial breach caused by a staff member clicking on a phishing email [95993].
2. Enhancing email security measures such as spam filters and email authentication protocols could have reduced the likelihood of the phishing email reaching the staff member's inbox [95993].
3. Employing robust cybersecurity measures and practices, such as network segmentation, intrusion detection systems, and regular security audits, could have detected and prevented the ransomware attack before it caused significant damage [95993].

Fixes
1. Enhancing cybersecurity measures to prevent phishing attacks and unauthorized access [95993]

References
1. University of Maastricht
2. University Vice President Nick Bos
3. Cybersecurity firm Fox-IT
4. Hackers identified as TA505
5. Press conference disclosed information about the hack [95993]

Software Taxonomy of Faults

| Category | Option | Rationale |
| --- | --- | --- |
| Recurring | one_organization | (a) The software failure incident having happened again at one_organization: - The University of Maastricht experienced a ransomware attack that led to the payment of a ransom to unblock its computer systems [95993]. - The initial breach was caused by an unidentified staff member clicking on a phishing email [95993]. (b) The software failure incident having happened again at multiple_organization: - The article does not provide specific information about similar incidents happening at other organizations. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident at the University of Maastricht was primarily due to a design-related factor. The initial breach that led to the ransomware attack was caused by an unidentified staff member clicking on a phishing email a month earlier. This indicates a vulnerability in the system design or security protocols that allowed the attack to occur [95993]. (b) Additionally, the operation of the system also played a role in the software failure incident. The ransomware attack unfolded on Dec. 24, indicating that the attack was able to penetrate the system and cause disruption in the operation of the university's computer systems, including email and computers [95993]. |
| Boundary (Internal/External) | within_system | (a) within_system: The software failure incident at the University of Maastricht was primarily within the system. The initial breach occurred when an unidentified staff member clicked on a phishing email, which was an internal action that led to the compromise of the university's computer systems [95993]. Additionally, the decision to pay the ransom to unblock the systems was made internally by the university's leadership after considering the alternatives, such as rebuilding the IT network from scratch [95993]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident at the University of Maastricht was primarily due to non-human actions. The initial breach occurred when an unidentified staff member clicked on a phishing email, leading to the infiltration of the university's computer systems by the TA505 hacker group [95993]. The ransomware attack and subsequent blocking of computer systems were consequences of this non-human action. (b) Human actions also played a role in the software failure incident. The decision to pay the ransom of 30 bitcoin (equivalent to 200,000 euros) was made by the university's leadership after considering the alternatives, which included rebuilding the entire IT network from scratch. This decision was based on the impact on the work of students, scientists, staff, and the institution's continuity [95993]. |
| Dimension (Hardware/Software) | software | (a) The software failure incident at the University of Maastricht was not directly attributed to hardware issues. The incident was a result of a ransomware attack where hackers blocked the university's computer systems, including email and computers, after an initial breach caused by a staff member clicking on a phishing email [95993]. (b) The software failure incident was primarily due to contributing factors originating in software, specifically the ransomware attack carried out by the TA505 criminal group. The attack led to the blocking of the university's computer systems, necessitating the payment of a ransom to unblock the systems [95993]. |
| Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident at the University of Maastricht was malicious in nature. It was a ransomware attack where hackers demanded a ransom of 30 bitcoin to unblock the university's computer systems, including email and computers. The attack was initiated by a phishing email clicked on by an unidentified staff member, leading to the breach by the Russian-speaking criminal group TA505 [95993]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | (a) The intent of the software failure incident was poor_decisions. The University of Maastricht disclosed that the ransomware attack, which led to the payment of a ransom to hackers, originated from an unidentified staff member clicking on a phishing email a month earlier. This action of clicking on the phishing email was a poor decision that ultimately led to the breach and subsequent ransom payment [95993]. |
| Capability (Incompetence/Accidental) | accidental | (a) The software failure incident at the University of Maastricht was not attributed to development incompetence. Instead, it was caused by a staff member clicking on a phishing email, leading to the initial breach that allowed the hackers to infiltrate the university's systems [95993]. (b) The software failure incident at the University of Maastricht can be categorized as an accidental failure. The breach occurred when an unidentified staff member accidentally clicked on a phishing email, which ultimately led to the ransomware attack and the subsequent need to pay a ransom to unblock the computer systems [95993]. |
| Duration | temporary | The software failure incident at the University of Maastricht was temporary in nature. The incident involved a ransomware attack that blocked the university's computer systems, including email and computers, after an attack on December 24. The university decided to pay the ransom to unblock the systems, indicating that the failure was temporary and could be resolved by taking specific actions [95993]. |
| Behaviour | other | (a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions [95993]. (b) omission: The failure is not attributed to the system omitting to perform its intended functions at an instance(s) [95993]. (c) timing: The incident is not related to the system performing its intended functions correctly but too late or too early [95993]. (d) value: The failure is not due to the system performing its intended functions incorrectly [95993]. (e) byzantine: The software failure incident does not involve the system behaving erroneously with inconsistent responses and interactions [95993]. (f) other: The behavior of the software failure incident in the article is related to a ransomware attack that blocked the university's computer systems, including email and computers, after an initial breach caused by a staff member clicking on a phishing email. The incident led to the university paying a ransom to unblock its systems, highlighting the impact of cyber attacks on institutions [95993]. |

IoT System Layer

| Layer | Option | Rationale |
| --- | --- | --- |
| Perception | None | None |
| Communication | None | None |
| Application | None | None |

Other Details

| Category | Option | Rationale |
| --- | --- | --- |
| Consequence | property | (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident at the University of Maastricht involved a ransomware attack where hackers demanded a ransom of 30 bitcoin (equivalent to 200,000 euros) to unblock the university's computer systems, including email and computers [95993]. The decision to pay the ransom was made to prevent further damage to the work of students, scientists, and staff, as well as to ensure the continuity of the institution [95993]. The attack resulted in significant financial impact on the university, as they had to pay a substantial amount to regain access to their systems and data. |
| Domain | knowledge | (a) The University of Maastricht's computer systems, including email and computers, were blocked due to a ransomware attack [95993]. (h) The University of Maastricht, being an educational institution, had its IT network affected by the ransomware attack, impacting the work of students, scientists, and staff [95993]. (m) The University of Maastricht, a higher education institution, was the target of the ransomware attack, which does not fall under the specific industries listed [95993]. |
