Incident: GCSE Coursework Lost in Ransomware Attack at Bridport School

Published Date: 2019-03-13

Postmortem Analysis
Timeline
1. The software failure incident at Sir John Colfox Academy in Bridport, Dorset, happened on an unspecified date prior to the article's publication on March 13, 2019 [Article 82465].

System
1. School computer network at Sir John Colfox Academy [Article 82465]

Responsible Organization
1. Hackers using ransomware to encrypt files at the Sir John Colfox Academy in Bridport, Dorset [82465].

Impacted Organization
1. Year 11 students at Sir John Colfox Academy in Bridport, Dorset [82465]

Software Causes
1. Ransomware attack through an email containing a virus that encrypted files on the school's computer network [82465].

Non-software Causes
1. A member of staff mistakenly opened an email containing a virus, leading to the infection of the computer network at Sir John Colfox Academy [82465].

Impacts
1. Some students' GCSE coursework was lost due to the ransomware attack at Sir John Colfox Academy in Bridport, Dorset [82465].
2. Year 9 and 10 reports will be delayed by at least a week as a result of the incident [82465].
3. The school's reputation may have been damaged, and explanations will be needed for parents and pupils affected by the attack [82465].

Preventions
1. Regular cybersecurity training for staff and students to educate them on identifying and avoiding phishing emails and suspicious links [82465].
2. Implementing strong cybersecurity practices such as keeping anti-virus software up to date [82465].
3. Regularly backing up important data on external drives to prevent data loss in case of a ransomware attack [82465].

Fixes
1. Implement regular cybersecurity training for all staff and students to educate them on recognizing and avoiding phishing emails and suspicious links [82465].
2. Ensure all systems are regularly updated with the latest anti-virus software to prevent malware infections [82465].
3. Establish a robust data backup system, including storing critical data on external drives or cloud storage, to mitigate the impact of ransomware attacks [82465].
4. Encourage schools and public institutions to allocate budget resources for cybersecurity measures to protect against potential cyber threats [82465].

References
1. Head teacher David Herbert at Sir John Colfox Academy
2. BBC technology reporter Jane Wakefield
3. Dorset Police
4. Mark Orchison, managing director of technology specialists in education 9ine

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | multiple_organization | (a) The software failure incident of a cyber attack using ransomware to encrypt files at a school has happened before at other organizations or within the same organization. The article mentions that schools and public institutions, such as hospitals, have become regular victims of ransomware attacks because hackers believe they are less likely to have good cyber practices [82465]. This indicates that similar incidents have occurred before in educational institutions like schools. (b) The article also highlights that there has been a "significant increase" in cyber attacks on academy trusts, urging school leaders to take action [82465]. Additionally, the managing director of technology specialists in education mentioned that 20% of schools reported being victims of cyber attacks, and many incidents are under-reported [82465]. This suggests that similar incidents have occurred at multiple organizations in the education sector.
Phase (Design/Operation) | design, operation | (a) The software failure incident at Sir John Colfox Academy in Bridport, Dorset, where GCSE coursework was lost due to a cyber attack can be attributed to the design phase. The incident occurred when a member of staff mistakenly opened an email containing a virus, which then infected the computer network and encrypted files, leading to the loss of students' coursework [82465]. (b) The software failure incident can also be linked to the operation phase. This is evident from the fact that the attack was successful due to the operation or misuse of the system, where a staff member unknowingly opened the malicious email, allowing the ransomware to infiltrate the network and cause the loss of data [82465].
Boundary (Internal/External) | within_system, outside_system | (a) The software failure incident at Sir John Colfox Academy was within the system. The failure occurred when a member of staff mistakenly opened an email containing a virus, which then infected the computer network and encrypted files, leading to the loss of students' GCSE coursework [82465]. The incident was a result of internal factors within the school's system, such as the lack of proper cybersecurity measures and the vulnerability to phishing attacks.
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: The software failure incident at Sir John Colfox Academy was caused by a cyber attack using ransomware. Hackers encrypted files on the school's computer network after a staff member mistakenly opened an email containing a virus. This non-human action of malware infecting the system led to the loss of students' GCSE coursework [82465]. (b) The software failure incident occurring due to human actions: The human action that contributed to the software failure incident was the staff member's mistake of opening an email containing the virus. This action introduced the ransomware into the school's network, leading to the encryption of files and the loss of coursework [82465].
Dimension (Hardware/Software) | software | (a) The software failure incident at Sir John Colfox Academy was not due to hardware issues but rather originated from a member of staff mistakenly opening an email containing a virus, leading to the encryption of files through ransomware [82465]. This incident highlights the importance of cybersecurity measures and user awareness to prevent such attacks. (b) The software failure incident at the academy was primarily caused by the ransomware attack initiated through the email containing malicious software. This incident demonstrates the impact of software-related vulnerabilities and the need for robust cybersecurity practices to protect against such attacks [82465].
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident at Sir John Colfox Academy was malicious in nature. Hackers used ransomware to encrypt files at the school, causing the loss of some students' GCSE coursework. The attack was initiated when a member of staff mistakenly opened an email containing a virus, which then infected the computer network [82465]. The incident involved malicious intent to harm the system and extort ransom from the school.
Intent (Poor/Accidental Decisions) | poor_decisions, accidental_decisions | (a) poor_decisions: The software failure incident at Sir John Colfox Academy was a result of poor decisions, specifically a member of staff mistakenly opening an email containing a virus, which led to the encryption of files and the loss of students' GCSE coursework [82465]. Additionally, the incident highlights the lack of good cyber-practices in schools and the importance of taking preventative measures such as backing up data, keeping anti-virus software up to date, and educating users about cybersecurity risks [82465].
Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) The software failure incident at Sir John Colfox Academy was due to development incompetence as a member of staff mistakenly opened an email containing a virus, leading to the encryption of files and loss of students' GCSE coursework [82465]. (b) The software failure incident was accidental as the email containing the virus was opened accidentally by a staff member, triggering the ransomware attack that resulted in the loss of coursework [82465].
Duration | temporary | The software failure incident at Sir John Colfox Academy in Bridport, Dorset, where GCSE coursework was lost due to a cyber attack involving ransomware can be categorized as a temporary failure. The incident was caused by a member of staff mistakenly opening an email containing a virus, leading to the encryption of files on the school's system [82465]. The school mentioned that specialists were working to rectify the issue, indicating efforts to address and potentially recover from the temporary failure. Additionally, the delay in Year 9 and 10 reports by at least a week suggests a temporary impact of the incident on the school's operations [82465].
Behaviour | other | (a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions [82465]. (b) omission: The software failure incident in the article is not described as an omission where the system omits to perform its intended functions at an instance(s) [82465]. (c) timing: The software failure incident in the article is not described as a timing issue where the system performs its intended functions correctly, but too late or too early [82465]. (d) value: The software failure incident in the article is not described as a value issue where the system performs its intended functions incorrectly [82465]. (e) byzantine: The software failure incident in the article is not described as a byzantine failure where the system behaves erroneously with inconsistent responses and interactions [82465]. (f) other: The software failure incident in the article is described as a ransomware attack where hackers encrypted files at a school, causing it to lose some students' GCSE coursework. This incident involves malicious software being installed on a victim's computer, encrypting all files, and demanding a ransom for data recovery [82465].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | property, delay | (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The consequence of the software failure incident in the provided article was primarily related to property being impacted. Specifically, the school lost some students' GCSE coursework due to the ransomware attack on their system [82465]. Additionally, there was a delay in issuing Year 9 and 10 reports by at least a week due to the incident [82465].
Domain | information, knowledge | (a) The failed system was related to the education industry, specifically affecting the production and distribution of information related to GCSE coursework at the Sir John Colfox Academy in Bridport, Dorset [82465]. The incident involved the loss of students' coursework due to a ransomware attack that encrypted files on the school's computer network.
