Incident Title: Costa Rica Government and Health Care Ransomware Attacks by Conti

Published Date: 2022-06-12

Postmortem Analysis
Timeline
1. The software failure incident in Costa Rica began with a ransomware attack during the week of April 10 [128642].
2. The second attack occurred at the end of May [128642].
The ransomware attacks on Costa Rica therefore took place in April and May of 2022, the year the article was published.
System
1. Ministry of Finance's digital tax service and IT system for customs control [Article 128642]
2. Systems of the Costa Rican Social Security Fund (CCSS) [Article 128642]

Responsible Organization
1. Conti, the notorious Russia-linked ransomware gang, was responsible for the first attack against Costa Rica's government [128642].
2. HIVE ransomware, which has some links to Conti, was blamed for the second attack, which hit the health care system in Costa Rica [128642].

Impacted Organization
1. Ministry of Finance in Costa Rica
2. Costa Rican Social Security Fund (CCSS)
3. Various government organizations in Costa Rica
4. Health care system in Costa Rica [CNN, 128642]

Software Causes
1. Ransomware attacks by the Conti group targeted various government organizations, including the Ministry of Finance and the Ministry of Labor and Social Security, encrypting files and crippling key systems [128642].
2. The ransomware attacks disrupted essential services such as the digital tax service, customs control, and health care systems, leading to significant financial losses and operational disruptions [128642].
3. The HIVE ransomware, which has links to Conti, was also involved in the attack on the Costa Rican health care system, causing further chaos and impacting patient care [128642].

Non-software Causes
1. Lack of cybersecurity resilience in Latin American countries [128642]
2. Insufficient resources allocated to protect public institutions from cyberattacks [128642]
3. Legacy software systems in use, making it harder to enable services [128642]

Impacts
1. International trade ground to a halt, more than 30,000 medical appointments were rescheduled, and tax payments were disrupted, resulting in millions in losses for Costa Rica [128642].
2. The attack against the finance ministry led to significant disruptions for import and export businesses, with estimated losses ranging from $38 million per day up to $125 million over 48 hours [128642].
3. The health care system was severely impacted, with 759 out of 1,500 servers and 10,400 computers affected, leading to 34,677 appointments being rescheduled [128642].

Preventions
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and network monitoring to detect and prevent ransomware attacks [128642].
2. Ensuring all software systems are regularly updated with the latest security patches to address known vulnerabilities that could be exploited by ransomware groups [128642].
3. Providing cybersecurity training and awareness programs for employees to recognize and report suspicious activities that could indicate a potential cyberattack [128642].
4. Establishing a comprehensive incident response plan to quickly contain and mitigate the impact of a ransomware attack, including regular backups of critical data to prevent data loss [128642].
5. Collaborating with international partners and cybersecurity firms to share threat intelligence and best practices in defending against ransomware attacks [128642].

Fixes
1. Enhancing cybersecurity measures within government organizations to prevent future ransomware attacks [128642].
2. Implementing mandatory cyberattack reporting laws to improve cybersecurity resilience in Latin American countries [128642].
3. Allocating more resources to protect public institutions against cyber threats [128642].

References
1. Jorge Mora, former director of the Ministry of Science, Innovation, Technology and Telecommunications (MICIT) [128642]
2. Mario Robles, CEO and founder of Costa Rican cybersecurity company White Jaguars [128642]
3. Joey Milgram, country manager for Costa Rica at cybersecurity company Soluciones Seguras [128642]
4. Security journalist Brian Krebs [128642]
5. Spokesperson for the Costa Rican Social Security Fund (CCSS) [128642]
6. Emsisoft threat analyst Brett Callow [128642]
7. Sergey Shykevich, Threat Intelligence group manager at security firm Check Point [128642]
8. US-based cybersecurity firm AdvIntel [128642]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- Conti, the ransomware gang, targeted the Costa Rican government in a significant ransomware attack [128642].
- Conti also targeted Peru's finance ministry and intelligence agency around the same time as the Costa Rica attacks [128642].
(b) The software failure incident having happened again at multiple_organization:
- The article does not provide specific information about the same incident happening at multiple organizations.

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident in Costa Rica was primarily due to a ransomware attack carried out by the Conti ransomware gang. The attack targeted various government organizations, including the Ministry of Finance and the Ministry of Labor and Social Security, crippling essential systems such as the digital tax service and customs control [128642].
(b) The operation of the systems was impacted by the ransomware attacks, leading to disruptions in essential services such as international trade, medical appointments, tax payments, and health care. The attack on the health care system resulted in offline systems, delays in treatment, rescheduling of appointments, and the need to resort to manual processes [128642].

Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) The software failure incident in Costa Rica was primarily due to contributing factors that originated from within the system. The ransomware attacks targeted various government organizations and essential services within the country, leading to the encryption of files and the crippling of key systems such as the digital tax service and customs control within the Ministry of Finance [128642]. The attacks disrupted import and export services, causing significant financial losses and logistical challenges for businesses [128642]. Additionally, the attack on the Costa Rican Social Security Fund's systems impacted health care services, leading to disruptions in medical appointments, surgeries, and other health care operations [128642].
(b) The software failure incident in Costa Rica was also influenced by contributing factors that originated from outside the system. The ransomware attacks were carried out by external threat actors, specifically the Conti ransomware gang and the HIVE ransomware group, which are believed to have links to each other [128642]. These external threat actors targeted the Costa Rican government and health care system, causing widespread chaos and disruption [128642]. The attacks prompted the government to declare a national emergency in response to the cyber threats [128642].

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident in Costa Rica was primarily caused by non-human actions, specifically ransomware attacks carried out by the Conti and HIVE ransomware gangs. These attacks led to the encryption of files and the crippling of essential systems within government organizations and the health care system [128642].
(b) Human actions also played a role in the software failure incident: the attackers demanded ransom payments and engaged in political rhetoric on Conti's blog, calling for the overthrow of the Costa Rican government. Additionally, the response to the attacks involved human efforts to defend against the ransomware and to mitigate the impact on affected systems [128642].

Category: Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident in Costa Rica was primarily due to ransomware attacks orchestrated by the Conti and HIVE ransomware gangs, which are software-based threats. These attacks targeted various government organizations, including the Ministry of Finance and the Ministry of Labor and Social Security, encrypting files and crippling key systems [128642].
(b) The software failure incident was not directly attributed to hardware failures but rather to ransomware attacks that exploited vulnerabilities in software systems. The attacks led to the encryption of files, disruption of essential services, and significant financial losses, highlighting the impact of software vulnerabilities on critical infrastructure [128642].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident in Costa Rica was malicious in nature, specifically a ransomware attack orchestrated by the Conti ransomware gang [128642]. The attack targeted various government organizations, including the Ministry of Finance and the Ministry of Labor and Social Security, with the intent to disrupt essential services and extort money from the victims. The attackers demanded a ransom payment and threatened to overthrow the government through cyberattacks, showing malicious intent to harm the system and cause chaos [128642].
(b) The software failure incident was non-malicious only in the sense that it was not caused by accidental errors or system faults, but rather by the deliberate actions of the ransomware attackers. The failure was not the result of unintentional mistakes or technical glitches, but a targeted and intentional act of cyberterrorism aimed at disrupting government operations and causing financial losses [128642].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident:
- The software failure incident in Costa Rica involving ransomware attacks by the Conti and HIVE groups can be attributed to poor decisions made by these cybercriminal organizations. Conti targeted the Costa Rican government and explicitly called for the government to be overthrown, showing a deliberate and malicious intent to disrupt essential services and extort money [128642].
- The attackers demanded a ransom payment from the Costa Rican government and, when it was not made, resorted to uploading stolen files to their website, causing further chaos and disruption [128642].
- Additionally, the attackers' behavior was more erratic and disturbing than usual, as they moved into politics by appealing to residents to organize rallies and overthrow the government through cyberattacks, indicating a deliberate intent to cause political and social unrest [128642].

Category: Capability (Incompetence/Accidental)
Option: accidental
Rationale:
(a) The software failure incident in Costa Rica was not due to development incompetence but rather to a deliberate and sophisticated attack by the Conti ransomware gang. The attacks were well planned and targeted various government organizations, causing significant disruptions in essential services [128642].
(b) The software failure incident in Costa Rica was accidental only in the sense that it was not caused by unintentional errors or mistakes during development, but rather by the deliberate actions of cybercriminals. The ransomware attacks were orchestrated by the Conti and HIVE ransomware gangs, indicating a deliberate and malicious intent to disrupt the country's systems and services [128642].

Category: Duration
Option: permanent, temporary
Rationale:
(a) The software failure incident in Costa Rica due to the ransomware attacks can be considered a temporary failure. The attacks occurred over a period of two months, with the first attack starting in mid-April and the second at the end of May [Article 128642]. The impact of the attacks was significant, leading to disruptions in essential services such as medical appointments, tax payments, and international trade. However, the attacks were not permanent in nature, as the government and affected organizations were actively responding to the incidents, declaring a national emergency, and working towards recovery and mitigation measures.
(b) The software failure incident in Costa Rica can also be seen as having elements of a permanent failure. The attacks by the Conti ransomware gang and the subsequent impact on the government and health care systems resulted in lasting consequences, such as financial losses, rescheduled medical appointments, disruptions in services, and the need to resort to manual processes [Article 128642]. The attacks had a significant and enduring effect on the country's operations and highlighted the need for improved cybersecurity resilience and resources to protect public institutions in the long term.

Category: Behaviour
Option: crash, omission, other
Rationale:
(a) crash: The software failure incident in Costa Rica resulted in a crash, as essential services were crippled, causing the government to scramble to respond, international trade to grind to a halt, and medical appointments to be rescheduled [128642].
(b) omission: The software failure incident led to omission, as tax payments were disrupted and staff at affected organizations had to resort to pen and paper to carry out tasks [128642].
(c) timing: The article does not mention timing-related failures.
(d) value: The software failure incident resulted in a value-related failure, as millions were lost due to the attacks and import/export businesses faced significant losses ranging from $38 million per day up to $125 million over 48 hours [128642].
(e) byzantine: The software failure incident did not exhibit byzantine behavior.
(f) other: The software failure incident also involved politically motivated behavior, with the attacker moving into politics by calling for the overthrow of the Costa Rican government through cyberattacks [128642].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: property, delay
Rationale:
(d) property: People's material goods, money, or data were impacted due to the software failure.
- The ransomware attacks in Costa Rica led to significant financial losses, with millions being lost due to the attacks [128642].
- Import and export businesses faced shipping container shortages, and estimated losses ranged from $38 million per day up to $125 million over 48 hours [128642].
- The attack against the finance ministry impacted several terabytes of data and more than 800 servers, affecting the digital tax service and the IT system for customs control [128642].
- The attack on the health care system resulted in disruptions such as delays in medical treatment, rescheduling of appointments, and difficulties in locating children undergoing surgery [128642].

Category: Domain
Option: finance, government
Rationale:
(a) The failed system in the incident was related to the finance industry. The ransomware attacks targeted the Ministry of Finance in Costa Rica, impacting essential services such as the digital tax service and the IT system for customs control [128642].
(h) The software failure incident was specifically related to the finance industry, as the Ministry of Finance in Costa Rica was targeted by ransomware attacks, leading to disruptions in tax payments and customs control systems [128642].
(l) The failed system was intended to support the government sector. The ransomware attacks targeted various government bodies in Costa Rica, leading to a declaration of a "national emergency" by the government in response to the cyberattacks [128642].

Sources
