Deal reached with hackers to delete data stolen from the Canvas platform(www.nbcnews.com)
21 pointsby fortran77an hour ago9 comments
  • password432131 minutes ago
    This is a duplicate of the following discussion 2 days ago with 258 points and 249 comments:

    https://news.ycombinator.com/item?id=48103668 Instructure pays ransom to Canvas hackers

  • ajay-b35 minutes ago
    I disagree with this path, there is no guarantee, nor can there be, that the data will be deleted. It can be divided up and sold to others with no recourse. The hackers got their money, they are under no obligation to comply with th agreement, and there's no one can could enforce it.
  • iqihsan hour ago
    The parent company should face severe penalties for allowing this kind of breach to happen and also for terrorist financing. We are really living in the Stone Age of information security.
  • registeredcorn19 minutes ago
    > The company didn’t provide any details on the agreement, including whether it involved a payment, and didn’t elaborate who was behind the hack.

    Oh, cool! Maybe they all just sat down with a nice cup of coffee and the hackers decided to delete the data out of the goodness of their hearts.

  • fortran77an hour ago
    They're paying them to delete the data?

    > The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals.

    How stupid can they be?

    > The company acknowledged that there was no way to be sure that the data was erased for good, and said it took action because of concerns about potential publication of the data.

    Why is the U.S. allowing Canvas to fund North Korean or Russian cyberterrorists?

    • linhnsan hour ago
      If I were the hackers, why would I not release the data in this case?

      Dumb move from Instructure.

      • kurtoidan hour ago
        If they release it now, no one else will pay the ransom
      • thrancean hour ago
        Because then they'll have a reputation of not doing what they're paid to do, which would be the end of their hacking careers.
    • redanddead25 minutes ago
      any active legislation on this? great point
  • victorbjorklundan hour ago
    Really dumb. Just a way to cover their own ass. Of course the hackers won’t actually delete the data. This is just so they can claim it was deleted when everyone knows better.
    • Levitatingan hour ago
      That's not always the case.

      If all hackers would do that ransomware attacks would essentially become worthless.

      It's not uncommon for companies to pay the ransom. They often have insurance that covers it. It's slightly controversial, because paying them essentially makes ransomware attacks worth doing.

  • baggy_troughan hour ago
    These deals should be illegal.
  • greatgiban hour ago
    So stupid, they will pay but have no proof that the hackers will not keep it to leak or sell it again in a few years...
  • dshaqra22 minutes ago
    [flagged]