TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

44% Positive

Analyzed from 449 words in the discussion.

Trending Topics

#hackers#data#ransom#company#life#delete#stupid#pay#canvas#dumb

Discussion (16 Comments)Read Original on HackerNews

password4321about 2 hours ago
This is a duplicate of the following discussion 2 days ago with 258 points and 249 comments:

https://news.ycombinator.com/item?id=48103668 Instructure pays ransom to Canvas hackers

iqihsabout 3 hours ago
The parent company should face severe penalties for allowing this kind of breach to happen and also for terrorist financing. We are really living in the Stone Age of information security.
ajay-babout 2 hours ago
I disagree with this path, there is no guarantee, nor can there be, that the data will be deleted. It can be divided up and sold to others with no recourse. The hackers got their money, they are under no obligation to comply with th agreement, and there's no one can could enforce it.
pixel_poppingabout 1 hour ago
Right, however it's not really true in practice and we have stats for it. Generally it's enough money to set them for life and there is some sort of "moral code" around it as well, the same thing that allow darkmarkets to run.
fortran77about 3 hours ago
They're paying them to delete the data?

> The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals.

How stupid can they be?

> The company acknowledged that there was no way to be sure that the data was erased for good, and said it took action because of concerns about potential publication of the data.

Why is the U.S. allowing Canvas to fund North Korean or Russian cyberterrorists?

linhnsabout 3 hours ago
If I were the hackers, why would I not release the data in this case?

Dumb move from Instructure.

kurtoidabout 3 hours ago
If they release it now, no one else will pay the ransom
pixel_poppingabout 1 hour ago
The alternative would be to ruin a part of the life of shitload of students, you find it better? It's not a dumb move at all, most companies pay ransom because the alternative is worse.
thranceabout 3 hours ago
Because then they'll have a reputation of not doing what they're paid to do, which would be the end of their hacking careers.
redanddeadabout 2 hours ago
any active legislation on this? great point
registeredcornabout 2 hours ago
> The company didn’t provide any details on the agreement, including whether it involved a payment, and didn’t elaborate who was behind the hack.

Oh, cool! Maybe they all just sat down with a nice cup of coffee and the hackers decided to delete the data out of the goodness of their hearts.

victorbjorklundabout 2 hours ago
Really dumb. Just a way to cover their own ass. Of course the hackers won’t actually delete the data. This is just so they can claim it was deleted when everyone knows better.
pixel_poppingabout 1 hour ago
I'm almost sure they do, for the sole reason that when you get a few M$ to set you for life like this, you'd rather start erasing all kind of proof possible (even if your opsec is really excellent) to slowly start building-up your new life, maintaining evidences anywhere is stupid and those guys are far from stupid for being able to pull stuff like this.
Levitatingabout 2 hours ago
That's not always the case.

If all hackers would do that ransomware attacks would essentially become worthless.

It's not uncommon for companies to pay the ransom. They often have insurance that covers it. It's slightly controversial, because paying them essentially makes ransomware attacks worth doing.

baggy_troughabout 3 hours ago
These deals should be illegal.
greatgibabout 3 hours ago
So stupid, they will pay but have no proof that the hackers will not keep it to leak or sell it again in a few years...