<p>Following a massive cyberattack on its popular Canvas learning management system, education software provider Instructure said it had struck a deal with malicious hackers to recover its stolen data. Instructure did not disclose the terms of the deal, but experts say it likely included a significant ransomware payment, reigniting debate around <a href=”https://www.techtarget.com/searchsecurity/tip/Should-companies-pay-ransomware-and-is-it-illegal-to”>paying cybercriminals to end attacks</a>. While the FBI strongly discourages paying attackers, <a target=”_blank” href=”https://www.absolute.com/press-releases/new-research-cisos-ransomware-trends” rel=”noopener”>research</a> from Absolute Security found that more than half of CISOs — 58% — would consider doing so.</p>
<section class=”section main-article-chapter” data-menu-title=”What happened in the Canvas cyberattack”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>What happened in the Canvas cyberattack</h2>
<p>According to Instructure, threat actors broke into its systems on both April 29 and May 7, leading to an outage in the company’s Canvas ed tech platform, which thousands of schools worldwide use to manage assignments, course materials, messages and grades. The attack caused widespread disruption and exposed users’ personally identifiable information, including names, email addresses, student ID numbers and confidential messages between students and teachers.</p>
<p>Threat actor group ShinyHunters claimed responsibility for the attack, saying it stole 3.65 TB of Instructure’s data, including information belonging to around 275 million users across almost 9,000 schools.</p>
<p>On May 11, Instructure issued a <a target=”_blank” href=”https://www.instructure.com/incident_update” rel=”noopener”>public statement</a> saying it had reached an agreement with the attackers and that Canvas is now fully operational and safe to use.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”To pay or not to pay — that is the question”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>To pay or not to pay — that is the question</h2>
<p>As part of the settlement, the threat actors reportedly returned Instructure’s data, destroyed copies and promised not to further extort the company’s customers. But <a href=”https://www.techtarget.com/searchsecurity/feature/Ransomware-negotiation-Does-it-work-and-should-you-try-it”>deals with malicious hackers</a> come with no guarantees, cautioned Michael Klein, senior director for preparedness and response at the Institute for Security and Technology.</p>
<div class=”pro-features-wrapper”></div>
<p>”You can’t trust that a cybercriminal group is going to keep their word and not then go and extort all of the people downstream of that anyway,” KIein <a target=”_blank” href=”https://www.cybersecuritydive.com/news/canvas-agreement-threat-actors–ransomware/820084/” rel=”noopener”>told K-12 Dive</a>, a TechTarget Security sister publication.</p>
<p>Research suggests there is little honor among cyber thieves. A CrowdStrike <a target=”_blank” href=”https://go.crowdstrike.com/State-of-Ransomware-Survey.html” rel=”noopener”>survey</a> found 93% of victims who paid their attackers still had their data stolen, and 83% were attacked again.</p>
<p>Despite such unfavorable odds, an organization might decide, based on business risk, that paying a ransom is worth it — if it can’t survive without the stolen data, for example, or if operational disruptions and reputational fallout will likely cost more than the ransom itself. In an attack on a hospital or other critical infrastructure, lives might even be at stake.</p>
<p>The FBI and other law enforcement agencies strongly discourage paying ransomware operators, saying it encourages cybercrime and often leads to double- or <a href=”https://www.techtarget.com/searchsecurity/definition/triple-extortion-ransomware”>triple-extortion attacks</a>, in which threat actors return to make additional demands.</p>
<p>While making ransomware payments is generally legal in the U.S., it is illegal to send money to certain nation-states and affiliated groups for any reason. The Treasury Department <a target=”_blank” href=”https://ofac.treasury.gov/media/912981/download?inline” rel=”noopener”>warned</a> in 2021 that making ransom payments that enrich sanctioned countries, groups or individuals could result in civil penalties.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”FBI warns additional extortion attacks are possible”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>FBI wa
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: