Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
Evil Corp, the Russian hacking group behind the WastedLocker ransomware attack, has a history of conducting ransomware attacks. In 2019, Evil Corp was involved in a fraud scheme that targeted banks in 40 different countries, collecting over $100 million. This indicates that the group has targeted organizations, including financial institutions, in the past [101423].
(b) The software failure incident having happened again at multiple_organization:
The WastedLocker ransomware attack conducted by Evil Corp has affected at least 31 major American corporations, including eight Fortune 500 companies and one major news publication. This indicates that the ransomware attack has targeted multiple organizations simultaneously, showing a widespread impact across various sectors [101423]. |
Phase (Design/Operation) |
design |
(a) The software failure incident in the articles can be attributed to the design phase. The ransomware attack, known as WastedLocker, was initiated through a malicious software update window that was clicked by a worker, leading to the installation of the ransomware on the person's computer. This attack vector was designed to unlock permissions on the remote corporate network the person was connected to, eventually locking the entire company out of its systems to extract a ransom payment. The software update window was launched from legitimate websites whose security Evil Corp had breached, indicating a design flaw in the system that allowed for this type of attack to occur [101423].
(b) The software failure incident is not directly linked to the operation phase or misuse of the system. The attack was initiated through a deceptive software update window and targeted individuals working from home connected to their employer's corporate networks through VPN. The operation or misuse of the system by the employees does not seem to be a contributing factor to the ransomware attack described in the articles. |
Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident in this case, the ransomware attack by the Russian hacking group Evil Corp using WastedLocker, can be categorized as a within_system failure. The ransomware is first downloaded on a worker's computer after clicking a malicious software update window, which then begins unlocking permissions on the remote corporate network the person is connected to, eventually locking the entire company out of its systems to extract a ransom payment [101423]. This failure originates from within the system itself, exploiting vulnerabilities in the software and network connections used by the targeted employees. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case is attributed to a non-human action, specifically a breach by the Russian hacking group Evil Corp using a sophisticated ransomware called WastedLocker. The ransomware is designed to be downloaded onto a worker's computer after clicking a malicious software update window, which then proceeds to unlock permissions on the remote corporate network and eventually lock the entire company out of its systems to extract a ransom payment. This breach was not caused by human actions within the targeted companies but rather by the actions of the hackers [101423].
(b) On the other hand, human actions are involved in the response to the incident, such as the cybersecurity firm Symantec's analysis and attribution of the breach to Evil Corp. Additionally, the response from the targeted companies in dealing with the aftermath of the ransomware attack involves human actions in terms of mitigation, investigation, and potential negotiations with the hackers for ransom payment [101423]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident occurring due to hardware:
- The software failure incident reported in the article is not attributed to hardware issues but rather to a breach by the Russian hacking group Evil Corp using ransomware targeting employees working from home [101423].
(b) The software failure incident occurring due to software:
- The software failure incident reported in the article is attributed to a sophisticated new ransomware called WastedLocker, which is used by the Russian hacking group Evil Corp to breach major American corporations [101423]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The objective of the software failure incident was malicious, as it was a result of a ransomware attack orchestrated by the Russian hacking group Evil Corp targeting major American corporations [101423]. The ransomware, named WastedLocker, was designed to lock the entire company out of its systems to extract a ransom payment. The attack was specifically aimed at people working from home who were connected to their employer's corporate networks through VPN, with the ransomware being distributed through a fake software update window on legitimate websites that Evil Corp had breached. This indicates a deliberate intent to harm the systems of these organizations. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident involving the ransomware attack by the Russian hacking group Evil Corp was a result of poor decisions made by the hackers. They specifically targeted major American corporations, including Fortune 500 companies, with the goal of extracting ransom payments by locking the entire company out of its systems [101423].
- The hackers used a sophisticated ransomware called WastedLocker, which was designed to target employees working from home and connected to their employer's corporate networks through VPN. The ransomware was initiated through a malicious software update window, which was distributed through legitimate websites that Evil Corp had breached [101423].
(b) The intent of the software failure incident related to accidental_decisions:
- The software failure incident was not due to accidental decisions but rather a deliberate and calculated attack by the Russian hacking group Evil Corp to target major American corporations for financial gain [101423]. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in the articles can be attributed to development incompetence as the Russian hacking group Evil Corp, known for their sophisticated cyber attacks, breached 31 major American corporations with a new ransomware attack called WastedLocker. This attack targeted employees working from home by tricking them into clicking on a malicious software update window, which then installed the ransomware on their computers. The ransomware was designed to unlock permissions on the remote corporate network the person was connected to, eventually locking the entire company out of its systems to extract a ransom payment. This incident showcases the level of expertise and sophistication of the hackers in exploiting vulnerabilities in software systems [101423].
(b) The software failure incident can also be considered accidental in the sense that the employees who were targeted by the ransomware attack may have unintentionally clicked on the malicious software update window while browsing legitimate websites. The attack was designed to appear as a legitimate software update window, so that users were unknowingly redirected to a separate web host containing the ransomware. This accidental interaction by the employees with the malicious software update window initiated the process of infecting the corporate networks with the ransomware, highlighting how easily users can fall victim to such attacks without intending to do so [101423]. |
Duration |
permanent |
(a) The software failure incident described in the articles is more likely to be permanent. The ransomware attack by the Russian hacking group Evil Corp, using the WastedLocker ransomware, is a deliberate and malicious act aimed at locking entire companies out of their systems until a ransom is paid. This type of attack is not a temporary glitch or error but a planned and sustained effort to extract money from the targeted organizations [101423]. |
Behaviour |
omission, value, other |
(a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions.
(b) omission: The ransomware attack described in the article involves the system omitting to perform its intended functions at an instance(s). This omission occurs after the ransomware unlocks permissions on the remote corporate network the person is connected to, with the goal of eventually locking the entire company out of its own systems to extract a ransom payment [101423].
(c) timing: The software failure incident is not related to the system performing its intended functions correctly but too late or too early.
(d) value: The ransomware attack described in the article involves the system performing its intended functions incorrectly by locking the entire company out of its own systems to extract a ransom payment [101423].
(e) byzantine: The software failure incident in the article is not described as a byzantine failure where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The other behavior of the software failure incident is the ransomware attack's targeting of specific individuals working from home who are connected to their employer's corporate networks through VPN, tricking them into clicking a malicious software update window that leads to the installation of the ransomware [101423]. |