The Actual News

Just the Facts, from multiple news sources.

Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?

Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?

Summary

The education platform Canvas, run by the US firm Instructure, suffered a ransomware attack that stole data from millions of students and staff worldwide. Instructure said it reached an agreement with the hackers, likely involving a ransom payment, to recover and destroy the stolen data.

Key Facts

  • Canvas, used by schools globally, experienced a ransomware attack causing outages and data theft.
  • Hackers called ShinyHunters claimed they stole 3.6 terabytes of data including student IDs, emails, and messages from 275 million people.
  • The attack exploited a weakness in Instructure’s Free for Teacher software, allowing hackers to deface login pages.
  • Instructure reported they “returned” the data and received proof it was destroyed after an agreement with the hackers.
  • Experts believe Instructure probably paid a ransom, possibly up to $10 million, though the company has not confirmed this.
  • Many governments advise against paying ransoms because it can fund criminals and does not guarantee data safety.
  • In Australia, paying designated cybercriminal groups may be illegal, and such payments are reviewed individually for prosecution.
  • Since May 2023, at least 75 Australian companies with revenue over $3 million have paid ransoms under mandatory reporting rules.
Read the Full Article

This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.