Incident: Ransomware Attack on MNH Platinum's Company Network.

Published Date: 2016-02-08

Postmortem Analysis
Timeline
1. The software failure incident at the vehicle hire company MNH Platinum happened early last year [40520].
Estimation:
Step 1: The article mentions that the incident happened early last year.
Step 2: The article was published on 2016-02-08.
Step 3: The incident likely occurred in early 2015.

System
The software failure incident described in the article was a result of a ransomware attack that encrypted over 12,000 files on the company's network after an employee clicked on a malicious email link. The incident highlighted vulnerabilities in the company's cybersecurity measures, leading to the encryption of crucial company data and a ransom demand.
1. Email system - The failure occurred when an employee clicked on a malicious email link, leading to the introduction of the ransomware into the company's network [40520].

Responsible Organization
1. Cyber-criminals who sent a virus through a phishing email that encrypted the company's files [40520].

Impacted Organization
1. MNH Platinum vehicle hire company [40520]

Software Causes
1. Ransomware attack through a phishing email that encrypted over 12,000 files on the company network, leading to a ransom demand [40520].

Non-software Causes
1. Lack of awareness of the magnitude of a cyber breach through mistakenly clicking a link in an email [40520]
2. Small businesses feeling they are not likely to be a target due to their size [40520]
3. Small businesses having lower defenses than larger organizations due to lack of financial and human resources [40520]
4. People being the weakest link in any security chain, leading to data breaches [40520]

Impacts
1. The software failure incident resulted in the encryption of over 12,000 files on the company network, leading to a ransom demand of more than £3,000 [40520].
2. The incident highlighted the lack of awareness and preparedness of small businesses like MNH Platinum in dealing with cyber breaches, emphasizing the need for better cybersecurity measures [40520].
3. Small businesses, including MNH Platinum, are increasingly becoming targets for cyber-criminals, with a significant rise in security breaches reported [40520].
4. The incident led to financial implications for the company, as they had to pay the ransom to retrieve crucial company data, impacting their operational costs [40520].
5. The incident underscored the importance of implementing cybersecurity measures such as secure passwords, antivirus software, regular software updates, and staff education on cyber risks to mitigate future incidents [40520].

Preventions
1. Implementing regular software updates containing vital security upgrades [40520].
2. Educating staff on cyber-risks and promoting awareness within the organization [40520].
3. Using secure passwords, such as three random words, to enhance security [40520].
4. Installing antivirus and malware software on all company devices to prevent attacks [40520].
5. Subscribing to government-backed schemes like Cyber Essentials to improve security measures [40520].

Fixes
1. Implementing secure passwords such as three random words [40520].
2. Installing antivirus and malware software on all company devices [40520].
3. Instigating regular software updates that contain vital security upgrades [40520].
4. Educating staff on cyber-risks [40520].
5. Subscribing to the government-backed Cyber Essentials scheme [40520].

References
1. Managing director Mark Hindle of MNH Platinum [40520]
2. Toni Allen, UK head of client propositions at the British Standards Institute (BSI) [40520]
3. Cyber security expert Sarah Green, business manager for Cyber Security at Training 2000 [40520]
4. Stephen Ridley, acting head of technology, cyber and data for insurance company Hiscox UK and Ireland [40520]
5. Duncan Sutcliffe, owner of insurance firm Sutcliffe & Co in Worcester [40520]
6. Alex Fenton, digital business expert and lecturer at Salford University [40520]

Software Taxonomy of Faults

Category: Recurring
Option: multiple_organization
Rationale: <Article 40520> provides information about a software failure incident at MNH Platinum, a vehicle hire company. The incident involved a ransomware attack where a virus encrypted over 12,000 files on the company network after an employee clicked on a malicious email link. The company had to pay a ransom to retrieve their crucial data [40520]. Regarding the recurrence of such incidents:
(a) one_organization: The article does not mention any previous incidents of software failure within MNH Platinum.
(b) multiple_organization: The article mentions that MNH Platinum's case is not isolated, indicating that similar incidents have occurred at other organizations as well. It highlights that small businesses, in general, are increasingly becoming targets of cyber-criminals due to their vulnerabilities and lack of preparedness [40520].

Category: Phase (Design/Operation)
Option: unknown
Rationale: The articles do not provide specific information about a software failure incident related to the development phases, whether it be design or operation. Therefore, it is unknown how the incident was specifically related to the development phases in terms of design or operation.

Category: Boundary (Internal/External)
Option: within_system
Rationale: (a) within_system: The software failure incident described in the article is primarily within the system. The failure occurred due to a virus that encrypted over 12,000 files on the company's network after an employee mistakenly clicked on an email link [40520]. The virus led to a ransom demand, indicating that the failure originated from within the system's network and security vulnerabilities. Additionally, the incident highlights the importance of implementing cybersecurity measures such as secure passwords, antivirus software, and regular software updates to mitigate such internal risks.

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions: The software failure incident in the article was caused by a virus that encrypted over 12,000 files on the company's network after a staff member clicked on an email link. This non-human action of clicking the link introduced the contributing factor of the virus into the system, leading to the encryption of files and the subsequent ransom demand [40520].
(b) The software failure incident occurring due to human actions: The article highlights that human actions, specifically the staff member clicking on an email link, played a crucial role in introducing the virus into the company's network, leading to the encryption of files and the ransom demand. Additionally, the lack of awareness and preparedness on the part of the company's management regarding cyber breaches and the potential consequences of clicking on suspicious links also contributed to the incident [40520].

Category: Dimension (Hardware/Software)
Option: software
Rationale:
(a) The articles do not provide information about a software failure incident occurring due to contributing factors originating in hardware [40520].
(b) The software failure incident reported in the article is related to a ransomware attack where a virus encrypted over 12,000 files on the company's network after a staff member clicked on an email link. This incident originated from a software-related issue, specifically the malware that infected the company's systems [40520].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale: (a) The software failure incident described in the article is malicious in nature. It involved a ransomware attack where a virus encrypted over 12,000 files on the company network after a staff member mistakenly clicked on an email link. The criminals demanded a ransom in exchange for decrypting the company's files [40520]. The incident highlights the threat posed by cyber-criminals who target small businesses with the intent to harm their systems and extort money.

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale: (a) The software failure incident described in the article was primarily due to poor decisions made by the staff at the vehicle hire company MNH Platinum. The incident occurred when an employee clicked on an email link that led to a virus encrypting over 12,000 files on the company network [40520]. This poor decision ultimately led to a ransom demand and the company having to pay a significant amount to retrieve their crucial data. Additionally, the lack of awareness and preparedness for a cyber breach, as mentioned by the managing director, Mark Hindle, further emphasizes the poor decisions that contributed to the software failure incident.

Category: Capability (Incompetence/Accidental)
Option: accidental
Rationale:
(a) The articles do not specifically mention a software failure incident occurring due to development incompetence.
(b) The software failure incident mentioned in the articles is related to a ransomware attack on a vehicle hire company MNH Platinum. The incident occurred due to staff accidentally clicking on an email link that led to the encryption of over 12,000 files on the company network [40520]. This accidental action by the staff led to the ransom demand and the subsequent loss of crucial company data.

Category: Duration
Option: temporary
Rationale: The software failure incident described in the article was temporary. It was caused by the introduction of contributing factors, specifically the virus that encrypted over 12,000 files on the company network, leading to a ransom demand [40520]. The incident was not permanent as the company had to pay the ransom to retrieve the crucial company data, indicating that the failure was due to specific circumstances introduced by the virus attack.

Category: Behaviour
Option: crash, omission, other
Rationale:
(a) crash: The software failure incident described in the article can be categorized as a crash. The incident involved a virus that encrypted over 12,000 files on the company network, leading to a situation where the system was unable to perform its intended functions due to the loss of crucial company data [40520].
(b) omission: The incident can also be related to omission as the system failed to prevent the virus from encrypting the files on the company network, omitting to perform its intended function of protecting the data from such attacks [40520].
(c) timing: There is no specific mention of timing-related failures in the article.
(d) value: The incident does not directly relate to a failure in performing intended functions incorrectly.
(e) byzantine: The incident does not exhibit characteristics of a byzantine failure.
(f) other: The other behavior exhibited by the software failure incident is vulnerability to cyber-attacks, specifically ransomware, which led to the encryption of files and the demand for ransom, highlighting a security flaw in the system [40520].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: property, non-human
Rationale: (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident described in the article resulted in a virus encrypting over 12,000 files on the company network of MNH Platinum, a vehicle hire company. This encryption of files led to a ransom demand from cybercriminals, who offered to decrypt the company's files in exchange for more than £3,000. The firm had to pay the ransom as the virus was impossible to remove without the risk of losing crucial company data, impacting their property in the form of data loss and financial loss [40520].

Category: Domain
Option: information
Rationale:
(a) The failed system in the article was related to the production and distribution of information. The software failure incident involved a vehicle hire company, MNH Platinum, being the victim of a virus that encrypted over 12,000 files on its company network, leading to a ransom demand [40520]. This incident highlights the importance of cybersecurity for businesses involved in information management and distribution.
(b) No information provided in the articles about transportation-related software failure incidents.
(c) No information provided in the articles about natural resources-related software failure incidents.
(d) No information provided in the articles about sales-related software failure incidents.
(e) No information provided in the articles about construction-related software failure incidents.
(f) No information provided in the articles about manufacturing-related software failure incidents.
(g) No information provided in the articles about utilities-related software failure incidents.
(h) No information provided in the articles about finance-related software failure incidents.
(i) No information provided in the articles about knowledge-related software failure incidents.
(j) No information provided in the articles about health-related software failure incidents.
(k) No information provided in the articles about entertainment-related software failure incidents.
(l) No information provided in the articles about government-related software failure incidents.
(m) The failed system in the article is not directly related to any of the industries mentioned in options (a) to (l).
