Incident: Ransomware Attack on City of Atlanta's Information Systems

Published Date: 2018-03-22

Postmortem Analysis
Timeline:
1. The software failure incident in Atlanta, involving a ransomware attack, happened on March 22, 2018 [68976].

System:
1. City of Atlanta's information systems [68976]
2. Various customer-facing applications used to pay bills and access court-related information [68976]

Responsible Organization:
1. Cyber attackers who deployed the ransomware on the City of Atlanta's systems were responsible for causing the software failure incident [68976].

Impacted Organization:
1. City of Atlanta employees [68976]
2. City of Atlanta customers accessing customer-facing applications [68976]

Software Causes:
1. Ransomware attack on the city's information systems, preventing or limiting users from accessing their system until a ransom is paid [68976].

Non-software Causes:
1. Ransomware attack: The incident was caused by a ransomware attack in which malicious software prevented or limited users from accessing the city's systems until a ransom was paid [68976].

Impacts:
1. Personal information in city information systems was potentially compromised, leading to the need for individuals to check their financial records for any unauthorized activity [68976].
2. Various customer-facing applications, including those for paying bills and accessing court-related information, experienced outages [68976].
3. Some city data remained encrypted, affecting several departments [68976].
4. The city had to engage Microsoft and Cisco's Incident Response Services in the investigation [68976].

Preventions:
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and employee training to prevent ransomware attacks [68976].
2. Keeping software systems up to date with the latest security patches and updates to address known vulnerabilities [68976].
3. Utilizing secure cloud infrastructure for critical systems to enhance security and mitigate risks [68976].

Fixes:
1. Enhancing cybersecurity measures and protocols to prevent future ransomware attacks [68976]

References:
1. Mayor Keisha Lance Bottoms
2. Atlanta Chief Operating Officer Richard Cox
3. Deputy Chief Information Officer Daphne Rackley
4. Federal Bureau of Investigation
5. Department of Homeland Security
6. Microsoft
7. Cisco's Incident Response Services
8. DHS spokesman Scott McConnell

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | multiple_organization | (a) The article does not provide information about a similar incident happening again within the same organization or with its products and services. (b) The article mentions that the City of Atlanta had implemented measures in the past to mitigate risks related to cyberattacks. Deputy Chief Information Officer Daphne Rackley stated that they had a "cloud strategy" to migrate critical systems to secure infrastructure, indicating previous efforts to enhance security [68976].
Phase (Design/Operation) | design, operation | (a) The software failure incident in Atlanta was related to a ransomware attack that prevented users from accessing the city's systems until a ransom was paid. This incident was a result of malicious software infiltrating the city's information systems, indicating a failure due to contributing factors introduced by system development or system updates [68976]. (b) The operation of the city's systems was impacted by the ransomware attack, leading to outages on various customer-facing applications used for bill payments and accessing court-related information. The attack affected several departments, encrypting some city data while investigators worked to determine the full scope of the incident. This aspect of the failure can be attributed to contributing factors introduced by the operation or misuse of the system [68976].
Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident in Atlanta was caused by a ransomware attack, which is a type of malicious software that prevents or limits users from accessing their system by locking them out until a ransom is paid. The attack encrypted city data and led to outages in various customer-facing applications, including those used to pay bills and access court-related information [68976]. The incident involved vulnerabilities within the city's information systems that allowed the ransomware to infiltrate and encrypt data. (b) outside_system: The ransomware attack on the City of Atlanta originated from outside the system, as it was a deliberate cyberattack by unknown perpetrators who demanded a ransom in bitcoin to unlock the entire system. The attack prompted investigations by the Federal Bureau of Investigation and the Department of Homeland Security to determine the scope and impact of the cyberattack [68976]. The city sought guidance from federal partners on how to navigate the situation, indicating that the attack was external to the city's own systems and infrastructure.
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in Atlanta was due to non-human actions, specifically a ransomware attack. The attack involved malicious software that prevented users from accessing the city's systems until a ransom was paid in bitcoin [68976]. (b) Human actions were also involved in the response to the software failure incident. The City of Atlanta engaged Microsoft and Cisco's Incident Response Services to investigate the attack. Additionally, the city had implemented measures in the past to mitigate risks, such as a "cloud strategy" to migrate critical systems to secure infrastructure [68976].
Dimension (Hardware/Software) | software | (a) The software failure incident in Atlanta was not attributed to hardware issues. The incident was caused by a ransomware attack, which is a type of malicious software that prevents users from accessing their systems until a ransom is paid [68976]. (b) The software failure incident in Atlanta was directly related to software issues. Specifically, the city experienced a ransomware attack that encrypted some city data and caused outages on various customer-facing applications used for bill payments and accessing court-related information [68976].
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident in Atlanta was malicious in nature, as it was a ransomware attack aimed at locking users out of the system until a ransom was paid. The attack involved a demand for payment in bitcoin to unlock the entire system, indicating that the objective was to extort money from the city [68976]. (b) There is no information in the articles to suggest that the software failure incident was non-malicious.
Intent (Poor/Accidental Decisions) | unknown | The software failure incident in Atlanta, involving a ransomware attack, does not explicitly point to poor decisions or accidental decisions as contributing factors. The incident primarily highlights the impact of the attack, the ransom demand, the investigation by federal agencies, and the precautions advised to employees and the public [68976].
Capability (Incompetence/Accidental) | accidental | (a) The software failure incident in Atlanta was not attributed to development incompetence. The incident was a ransomware attack, which is malicious software that prevents users from accessing their systems until a ransom is paid. The attack led to outages in various customer-facing applications, including those used to pay bills and access court-related information [68976]. (b) The software failure incident in Atlanta was accidental in the sense that the city did not intentionally introduce the ransomware attack. The attack was initiated by external malicious actors who demanded a ransom to unlock the city's system. The city engaged in investigations with the help of federal partners like the FBI and DHS to determine the scope of the attack and seek guidance on the best course of action [68976].
Duration | permanent, temporary | (a) The software failure incident in Atlanta, where the city's systems were affected by a ransomware attack, can be considered temporary. The incident caused outages on various customer-facing applications, including those used to pay bills and access court-related information. The city's payroll was not affected, and public safety and water services continued to operate without incident [68976]. (b) The software failure incident in Atlanta can also be considered permanent to some extent. The city's data remained encrypted while investigators worked to determine the scope of the attack. The city engaged Microsoft and Cisco's Incident Response Services in the investigation, indicating a prolonged effort to address the breach and its consequences [68976].
Behaviour | other | (a) crash: The software failure incident in Atlanta was not described as a crash where the system loses state and does not perform any of its intended functions [68976]. (b) omission: The incident did not involve the system omitting to perform its intended functions at one or more instances [68976]. (c) timing: The failure was not related to the system performing its intended functions correctly but too late or too early [68976]. (d) value: The incident did not involve the system performing its intended functions incorrectly [68976]. (e) byzantine: The behavior of the software failure incident in Atlanta was not described as byzantine, where the system behaves erroneously with inconsistent responses and interactions [68976]. (f) other: The software failure incident in Atlanta was related to a ransomware attack that prevented or limited users from accessing the system until a ransom was paid. This behavior falls under the category of a malicious attack rather than a specific software failure behavior [68976].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | property, theoretical_consequence | (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident in Atlanta was a ransomware attack in which the city received a ransom demand in bitcoin for $6,800 per unit or $51,000 to unlock the entire system. This attack prevented or limited users from accessing their systems until a ransom was paid, potentially impacting the city's data and financial resources [68976].
Domain | information, government | (a) The failed system in the software failure incident was related to the information industry, as it affected various customer-facing applications used to pay bills and access court-related information in the City of Atlanta [68976].
