Incident: Hackers Extort $1.14m from University of California, San Francisco

Published Date: 2020-06-29

Postmortem Analysis
Timeline
1. The software failure incident at the University of California, San Francisco (UCSF) happened on June 1, as mentioned in the article [101234].

System
1. University of California San Francisco's computer systems [101234]

Responsible Organization
1. Netwalker criminal gang [101234]

Impacted Organization
1. University of California, San Francisco (UCSF) [101234]

Software Causes
1. Ransomware attack by the Netwalker criminal gang on the University of California San Francisco (UCSF) [101234]
2. Malware spreading through computers at UCSF due to the ransomware attack [101234]
3. Negotiations with the hackers conducted through a live chat on the dark web [101234]
4. Encryption of important data at UCSF by the malware [101234]
5. Financial impact of the coronavirus pandemic on UCSF, leading to the decision to pay the ransom [101234]

Non-software Causes
1. Financial impact of the coronavirus pandemic on the University of California San Francisco (UCSF), leading to difficulties in negotiating the ransom amount [101234].
2. The decision-making process within UCSF regarding the ransom payment, including consideration of how important the encrypted data was for academic work [101234].

Impacts
1. The University of California, San Francisco (UCSF) suffered financial losses amounting to $1.14 million as a result of the ransomware attack by the Netwalker criminal gang [101234].
2. The incident disrupted UCSF's operations, as IT staff had to unplug computers to prevent the malware from spreading, impacting their ability to carry out important academic work [101234].
3. The ransomware attack led to a loss of control over encrypted data, forcing UCSF to negotiate with the hackers and ultimately pay a significant sum to regain access to its data [101234].
4. The incident highlighted the financial challenges faced by UCSF, exacerbated by the coronavirus pandemic, as it struggled to meet the hackers' demands and secure its data [101234].
5. The ransomware attack raised concerns about the security of universities and the need for better cybersecurity measures to protect against such incidents in the future [101234].

Preventions
1. Regularly back up data offline: Organisations, including universities like UCSF, should regularly back up their data offline to prevent data loss in case of ransomware attacks [101234].
2. Strengthen cybersecurity measures: Implement robust cybersecurity measures to prevent unauthorized access to systems and networks, such as using multi-factor authentication, keeping software up to date, and conducting regular security audits [101234].
3. Employee training: Provide comprehensive training to employees on cybersecurity best practices, including how to identify phishing emails and avoid clicking on malicious links or attachments [101234].
4. Collaboration with law enforcement: Collaborate with law enforcement agencies like the FBI and Europol to report incidents promptly and work towards disrupting criminal enterprises engaged in ransomware attacks [101234].

Fixes
1. Enhancing cybersecurity measures to prevent future ransomware attacks, such as improving network security, implementing multi-factor authentication, and conducting regular security audits [101234].
2. Educating staff and students at the University of California, San Francisco (UCSF) about cybersecurity best practices to avoid falling victim to phishing emails or other social engineering tactics used by hackers [101234].
3. Implementing robust data backup procedures to ensure critical data is regularly backed up offline, reducing the impact of ransomware attacks and enabling quicker recovery [101234].
4. Collaborating with law enforcement agencies like the FBI and Europol to investigate the incident, track down the perpetrators, and disrupt criminal enterprises involved in ransomware attacks [101234].

References
1. University of California San Francisco (UCSF) [101234]
2. Netwalker criminal gang [101234]
3. FBI [101234]
4. Europol [101234]
5. UK's National Cyber Security Centre [101234]
6. Cyber-security experts [101234]
7. No More Ransom project by Europol [101234]
8. Cyber-security company Emsisoft [101234]
9. Proofpoint's cyber-security analysts [101234]
10. Proofpoint's Ryan Kalember [101234]

Software Taxonomy of Faults

Category Option Rationale
Recurring: one_organization, multiple_organization
(a) The software failure incident having happened again at one_organization: the Netwalker criminal gang, responsible for the ransomware attack on the University of California San Francisco (UCSF), has been linked to at least two other ransomware attacks on universities in the past two months [101234].
(b) The software failure incident having happened again at multiple_organization: the article mentions that criminal gangs in general are increasingly using tools that can gain access to systems via a single download, and that more than one million emails with phishing lures have been sent to organizations in various countries [101234].

Phase (Design/Operation): design, operation
(a) The software failure incident in Article 101234 was primarily due to a design-related factor introduced by the cybercriminals who developed and deployed the ransomware used against the University of California San Francisco (UCSF). The Netwalker criminal gang attacked UCSF's systems with malware, encrypting important data and demanding a ransom for decryption [101234].
(b) Additionally, the operation of the system played a role in the software failure incident. The IT staff at UCSF had to unplug computers in a race to stop the malware from spreading further, indicating that the operation of the system was impacted by the attack [101234].

Boundary (Internal/External): within_system, outside_system
(a) within_system: The software failure incident at the University of California, San Francisco (UCSF) was primarily caused by the Netwalker criminal gang's ransomware attack on UCSF's systems. The attack led to the encryption of important data, prompting UCSF to negotiate with the hackers and eventually pay a ransom of $1.14 million to obtain a decryption tool [101234].
(b) outside_system: The external contributing factors include the actions of the Netwalker criminal gang, who initiated the ransomware attack on UCSF's systems from outside the university's network. Additionally, the incident involved negotiations with the hackers on the dark web, indicating external involvement in the resolution of the attack [101234].

Nature (Human/Non-human): non-human_actions, human_actions
(a) The software failure incident in Article 101234 occurred due to non-human actions, specifically a ransomware attack by the Netwalker criminal gang. The attack involved malware spreading through the university's computers, leading to the encryption of important data. The ransomware attack was initiated by the hackers without direct human participation in introducing the contributing factors that caused the failure [101234].
(b) The software failure incident in Article 101234 also involved human actions in the form of negotiations between the university and the hackers. The university engaged in live chat negotiations on the dark web with the hackers to determine the ransom amount and secure the decryption software. Human actions, such as negotiating the ransom amount and deciding to pay, played a significant role in the resolution of the incident [101234].

Dimension (Hardware/Software): software
(a) The software failure incident reported in Article 101234 was not due to hardware issues but to a ransomware attack by the Netwalker criminal gang. The attack involved malware spreading through the university's computers, leading to data encryption and the extortion of a ransom payment [101234].
(b) The software failure incident in Article 101234 was primarily caused by software-related factors, specifically a ransomware attack by the Netwalker criminal gang. The malware encrypted data on the university's systems, leading to the need for a ransom payment to unlock the data. This incident highlights the impact of software vulnerabilities and cyber threats on organizations [101234].

Objective (Malicious/Non-malicious): malicious
(a) The software failure incident reported in Article 101234 is malicious in nature. The incident involved a ransomware attack by the Netwalker criminal gang on the University of California San Francisco (UCSF). The hackers encrypted important data belonging to the university and demanded a ransom of $1.14 million in exchange for a tool to unlock the encrypted data and the return of the data they had obtained. The hackers engaged in live negotiations with the university on the dark web, demonstrating a deliberate intent to harm the system and extort money from the institution [101234].

Intent (Poor/Accidental Decisions): poor_decisions, accidental_decisions
(a) The intent of the software failure incident was due to poor decisions made by the University of California, San Francisco (UCSF) in response to the ransomware attack. Despite being advised against it by law enforcement agencies like the FBI, Europol, and the UK's National Cyber Security Centre, UCSF decided to engage in ransom negotiations with the Netwalker criminal gang and ultimately paid a ransom of $1.14 million to retrieve its encrypted data [101234]. This decision to pay the ransom can be considered a poor decision because it goes against the recommended practice of not financing criminals, and such payments encourage further illegal activity.
(b) The intent of the software failure incident was also influenced by accidental decisions made during the negotiation process. Initially, the hackers demanded $3 million from UCSF, but the university explained the financial impact of the coronavirus pandemic and offered $780,000. After negotiations, UCSF managed to gather more funds and made a final offer of $1,140,895, which was accepted by the criminals. This back-and-forth negotiation process and the final decision to pay the ransom can be seen as accidental decisions driven by the circumstances and pressures faced by UCSF during the incident [101234].

Capability (Incompetence/Accidental): accidental
(a) The software failure incident at the University of California, San Francisco (UCSF) was not attributed to development incompetence. The incident was the result of a ransomware attack by the Netwalker criminal gang, in which hackers encrypted UCSF's data and demanded a ransom of $1.14 million [101234].
(b) The software failure incident at UCSF was accidental in the sense that the ransomware attack was not intentionally caused by the university or its IT staff. It was an external attack by hackers who exploited vulnerabilities in the university's systems, leading to the encryption of important data [101234].

Duration: temporary
The software failure incident reported in Article 101234 was temporary. The incident involved a ransomware attack by the Netwalker criminal gang on the University of California San Francisco (UCSF), which resulted in the encryption of important data. The incident lasted for a specific duration during which negotiations took place between the hackers and the university. The negotiations involved discussions on the ransom amount, with the university eventually paying $1.14 million to the hackers for a decryption tool to unlock the encrypted data [101234].

Behaviour: crash, other
(a) crash: The software failure incident in the article can be categorized as a crash. The incident involved malware spreading through the University of California San Francisco's (UCSF) computers, leading the IT staff to unplug the computers in a race to stop the malware from spreading [101234].
(b) omission: The software failure incident does not directly involve an omission, where the system fails to perform its intended functions at one or more instances. The incident primarily revolves around a ransomware attack and the subsequent negotiations for payment to unlock encrypted data [101234].
(c) timing: The software failure incident does not align with a timing failure, where the system performs its intended functions correctly but too late or too early. The incident mainly concerns the ransom negotiations and the eventual payment made to the hackers [101234].
(d) value: The software failure incident does not relate to a value failure, where the system performs its intended functions incorrectly. The incident primarily involves the ransomware attack, negotiation for payment, and the eventual decryption of the data [101234].
(e) byzantine: The software failure incident does not exhibit a byzantine failure, where the system behaves erroneously with inconsistent responses and interactions. The incident mainly revolves around the ransomware attack, the negotiation process, and the eventual decryption of the data [101234].
(f) other: The behaviour of the software failure incident can be categorized as a ransomware attack leading to data encryption, negotiation for ransom payment, and eventual decryption of the data. The incident showcases the impact of cybercriminal activities on organizations and the difficult decisions they face in such situations [101234].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence: property
(d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident described in the article resulted in the University of California San Francisco (UCSF) paying hackers a ransom of $1.14 million after being attacked by the Netwalker criminal gang. The hackers encrypted important data related to academic work at the university, and UCSF decided to pay the ransom in exchange for a tool to unlock the encrypted data and the return of the data the hackers had obtained [101234].

Domain: knowledge, health
(a) The failed system was intended to support the health industry. The incident involved a leading medical-research institution, the University of California San Francisco (UCSF), which was working on a cure for Covid-19 [101234]. The ransomware attack targeted the university's systems, affecting important academic work related to public health.
(j) The software failure incident was directly related to the health industry, specifically medical research and academic work at the University of California San Francisco [101234].
