惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Engineering at Meta
Engineering at Meta
T
The Blog of Author Tim Ferriss
Recent Announcements
Recent Announcements
G
Google Developers Blog
Google DeepMind News
Google DeepMind News
The Register - Security
The Register - Security
MongoDB | Blog
MongoDB | Blog
U
Unit 42
B
Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
P
Privacy International News Feed
L
LINUX DO - 最新话题
博客园_首页
博客园 - Franky
大猫的无限游戏
大猫的无限游戏
小众软件
小众软件
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
V
Visual Studio Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
P
Privacy & Cybersecurity Law Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
K
Kaspersky official blog
C
Cisco Blogs
博客园 - 【当耐特】
阮一峰的网络日志
阮一峰的网络日志
I
Intezer
罗磊的独立博客
MyScale Blog
MyScale Blog
Last Week in AI
Last Week in AI
A
About on SuperTechFans
G
GRAHAM CLULEY
Y
Y Combinator Blog
Microsoft Security Blog
Microsoft Security Blog
GbyAI
GbyAI
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
D
DataBreaches.Net
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
I
InfoQ
T
The Exploit Database - CXSecurity.com
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 叶小钗
Project Zero
Project Zero

The Guardian

Rory McIlroy surges into six-shot Masters lead with stunning second-round flourish ‘That’ll be the end’: actor Sam Neill joins fight to stop controversial goldmine near his New Zealand vineyard Roberto De Zerbi targets ‘Ange-ball’ revival to save Spurs from relegation Bath hit back to reach semi-final after stunning Northampton in 11-try epic Secret Garden to Outcome: the week in rave reviews Zebras, wealth and power: Hungary’s election tests Orbán’s grip on power ‘TikTok effect’ brings sellout crowds and younger fans to Grand National meeting The war over Omagh’s gold: the £21bn mine plan tearing a community apart Britain’s shadow workforce is paid as little as 65p an hour. Who cares for the carers? From You, Me & Tuscany to Euphoria: your complete entertainment guide to the week ahead Six great reads: the man who let snakes bite him, masked heavy metal and the brutal reality for foreign students in the UK American Classic review – I defy you not to fall in love with Kevin Kline and Laura Linney’s tender comedy Cuba’s doctors were a lifeline for the world. Now the Caribbean is shamefully complicit in the US drive to expel them An environmental disaster in Moldova has Russia’s fingerprints all over it RMIT drops misconduct case against student who accused university of being ‘complicit in Gaza genocide’ Ichiro Suzuki statue unveiling goes awry as bronze bat snaps during ceremony Survivors of Epstein’s abuse accuse Melania Trump of ‘shifting burden’ on to victims European football: Real Madrid held at home by Girona to extend winless run Arne Slot insists he is ‘aligned’ with Liverpool board and fans as squad is rebuilt Kamala Harris ‘thinking about’ running for president again in 2028 JD Vance warns Iran against trying to ‘play’ the US in peace talks West Ham double up twice to thrash Wolves and put Spurs in relegation zone Trump administration releases new renderings of so-called ‘Arc de Trump’ Crispin Odey drops £79m libel claim against FT over sexual misconduct allegations Bafta apologises for events surrounding John Davidson’s Tourette’s outburst Cocktail of the week: Bar Shrimp’s la rosita – recipe New drug may extend survival in aggressive ovarian cancer, trial shows One dead and 27 injured after bus with British passengers crashes in Canary Islands Pope adds to Smith’s mass of Surrey runs with England woes a world away OpenAI CEO Sam Altman’s home targeted with molotov cocktail Reform UK local election candidate was twice disciplined by Tories over ‘racist comments’ Remaining in Nato is in best interests of US, says Keir Starmer Prince Harry sued for defamation by charity he co-founded Anthropic’s new AI tool has implications for us all – whether we can use it or not Concerns raised about motorbike tourist trail after death of British teenager in Vietnam The Guardian view on Trump’s civilisational threats: the words that fuel war must be condemned The Guardian view on dystopias for our times: the American nightmare Doctors’ leader claims new reduced pay offer killed chances of ending strikes in England Netanyahu-ism has achieved nothing for Israelis – and come at a monstrously high price Deborah Levy: ‘CS Lewis’s White Witch terrified me – but I wanted to meet her’ How I Shop with Michelle Ogundehin: ‘We grownups have enough stuff already’ Trump’s war and Melania’s Epstein statement, with US editor Betsy Reed – The Latest We have to stop killer motorists on Britain’s roads UK starts crackdown on EU citizens’ post-Brexit rights Londoners aren’t unfriendly – but don’t compare us to New Yorkers The religious right and the perversion of faith Artemis II images reignite moon mission memories Orbán and Magyar trade accusations in last days of Hungary election campaign Reckonwrong: How Long Has It Been? review | Safi Bugel's experimental album of the month Martin Rowson on Middle East peace talks – cartoon Masters magic, the Grand National and Premier League drama – follow with us Fears of UK and EU flight cancellations as airports warn of jet fuel shortages Reform’s petulance over slavery reparations shows it just doesn’t grasp Britain’s place in the modern world Peers vote to ban pornography depicting sex acts between stepfamily members Starbucks’s retail arm gets £13.7m tax credit even as sales increase Flyby review – interstellar musical is a voyage of epic strangeness Grand National preview: Jagwar can deny Irish cohort in Aintree classic Week in wildlife: an ostrich on the lam, a tortoise crossing a road and surfing seals Anger as swifts’ nesting holes in Derbyshire rail viaduct ‘blocked up’ Peter Mandelson faces fixed-penalty notice for urinating in public ‘There’s no shortage of terrifying technology’: how AI became TV drama’s new go-to villain ‘Fresher than anything in a shop’: the best recipe boxes and meal kits for time-poor foodies, tested Who was Hilma? Af Klint exhibition to highlight exclusion of women from abstract art Critics assemble! Here’s my list of the greatest superhero movies of all time US inflation soars in March as war on Iran drives economy into uncertainty Amazon to finally launch Leo satellite internet in ‘mid-2026’, says CEO Grand National 2026: horse-by-horse guide to all the runners Pete Hegseth’s holy war: the militant Christian theology animating the US attack on Iran Add to playlist: the beautifully dazed, countrified indie-rock of Tracey Nelson and the week’s best new tracks Not just about Gaza: the Muslim voters turning from Labour to the Greens ‘I’m worried there’s too much of me,’ says a birch: inside the interspecies council giving nature a voice Why is anyone surprised by the US and Israel’s latest war? It’s only what the world allowed them to do in Gaza Tori Amos review – fans hang on every note of this dramatic deep dive into her back catalogue Coachella 2026: Justin Bieber launches a major comeback in the desert Super Mario what?! The seven best obscure Mario games ‘An abomination’: the Lancashire town kicking up a stink over reopened landfill Pillion to Roofman: the seven best films to watch on TV this week Holly Humberstone: Cruel World review – Taylor Swift fave trades gothic melancholy for pop glow-up Thrash review – cursed shark thriller sinks like a stone on Netflix Gulf states rethink security in light of US-Israel war on Iran Go Gentle by Maria Semple review – a joyfully clever New York romcom Welcome to Y’all Street: bullish Dallas aims to steal New York’s financial crown Margo’s Got Money Troubles to Beef: the seven best shows to stream this week I baulked at the idea of ‘friction-maxxing’. But there’s more to it than meets the eye Reich: The Sextets album review – Colin Currie celebrates the minimalist master’s joy of six Benjamina Ebuehi’s sweet and salty chocolate chip cookies recipe Experience: my house was taken over by 70,000 bees Malcolm in the Middle: Life’s Still Unfair review – the TV magic they’ve created here is absolutely miraculous Lava bursts forth as Hawaii’s Kilauea volcano erupts Sonos review: Are these the best portable speakers that money can buy? I tested to find out Buy bread in the evening, hit the sales on a Tuesday: retail workers’ top tips to cut your shopping bill The best water flossers in the UK, tested for that dentist-clean feeling Where to start with: Muriel Spark You be the judge: should my girlfriend stop mixing gold and silver jewellery? The best carry-on luggage in the UK, tested on an assault course How games capture the awe and terror of cosmic isolation I never text back – and it’s ruining my relationships The pet I’ll never forget: Beau, the labrador who saved my life Life Is Strange: Reunion review – a decade-long story comes to an impassioned close Why is gaming becoming so expensive? The answer is found in AI
Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?
Josh Taylor · 2026-05-17 · via The Guardian

After a week of outages, hundreds of millions of students’ data stolen, delayed assignment due dates, and school login pages being defaced by hackers, US tech firm Instructure – which operates the education platform Canvas, used by education providers worldwide – announced it had “reached an agreement with the unauthorised actor” behind the ransomware attack.

Experts read the careful language as a sign that a ransom has been paid. The company has not confirmed.

The question of whether firms should pay ransomware attackers to regain access to their systems, and potentially prevent further harm from the release of personal information of – in some cases millions – is one that thousands of companies face each year. Although governments across the globe advise against it, many ultimately do.

The hacking group ShinyHunters claimed responsibility for the attack on Instructure. They had threatened to leak the reported 3.6TB of data – comprising of student ID numbers, email addresses, names and messages from 9,000 schools and 275 million students and staff worldwide – unless the company paid the ransom.

Sign up for the Breaking News Australia email

In Australia, more than two dozen universities and public and private schools in several states were victims of the attack. RMIT and UTS were among those to grant extensions on assignments as frustrated students were unable to access the portal.

Instructure later confirmed that the hackers had exploited a vulnerability in its Free for Teacher software that allowed them to deface login pages, such as that for the University of Texas San Antonio, to alert users to the breach.

The company said this week that the data was “returned” to it as part of the agreement it reached with the hackers, and also that they were shown “digital confirmation of data destruction” via shred logs – a technical report that is generated by a program that processes data to be destroyed in a way that makes it no longer recoverable.

“While there is never complete certainty when dealing with cybercriminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” the company said last week.

The head of cyber at cyber forensics accounting firm McGrathNicol, Darren Hopkins, says Canvas’ statement was “well crafted [in a way] that doesn’t necessarily admit anything but also does demonstrate that they’ve got an agreement”.

“ShinyHunters is an extortion group,” he says. “This is what they do. What other agreement will they come up with?”

Aegis Cybersecurity expert Luke Irwin estimates that based on reported ransom demands of US$10m, it’s possible Instructure – or its insurance underwriter – paid somewhere up to that amount, but says it’s also possible it was negotiated down.

“Instructure is dealing with a criminal organisation, and you are taking them at their word that they will commit to those outcomes,” he says. “That is a risk-driven position Instructure needs to work within.”

To pay or not to pay?

Most governments advise against paying ransoms, including in the UK, US and Australia, but outright bans are rare, tech firm Akamai says in its 2025 ransomware state of the industry report.

“If ransoms are not paid, then the effectiveness of the attack vector is reduced and potentially becomes less attractive to hacker groups,” the report stats.

In Australia, it could be a criminal offence to pay an attacker that is designated under the autonomous cyber sanctions law. The sanctions office says it will consider any payment made “on a case-by-case basis” as to whether it is referred for a prosecution.

Payments could fund other criminal activities, and ultimately there is no guarantee that paying a ransom or extortion would prevent the release of data or end the threats, Akamai says.

Under Australia’s mandatory reporting obligations that commenced at the end of May last year, 75 businesses with turnovers of at least $3m a year had paid ransoms as of the end of January 2026.

The government does not disclose how much was paid. A McGrathNichol ransomware report from November surveyed 800 executives from Australian businesses with 50 or more employees, and found the average amount paid in Australia was $711,000, down from $1.35m the year before.

The report found 64% decided to pay a ransom and 81% of businesses say they would hypothetically be willing to pay a ransom.

Hopkins says businesses are getting better at preparing for a cyber-attack, meaning they are less likely to need to pay to get hackers to unlock the locked systems. Instead, businesses were more focused on trying to stop further harm by paying the hackers releasing the data.

“Canvas was interesting because we all suspected [Instructure] engaged with the threat actor very quickly because they were on the leak site and [the posting] got removed from it.”

‘How honest is that criminal?’

The question Hopkins gets asked in board rooms across Australia, when training businesses on cyber-attacks, is: Will making a payment stop data being exposed?

“That question around ‘how honest is that criminal?’ comes up all the time,” he says.

“The business model [of hackers] needs them to show that they’re honest because no one would ever pay them. So it’s a big trust factor.”

Irwin says it is in ShinyHunters’ interest to act in good faith as an example to other organisations who may be compromised, so future victims would be more inclined to pay.

However, Hopkins adds: “You can’t rely on them to not be what they are, which is criminals”.

“They’ll go off and give us screenshots saying ‘here’s us deleting things’… you don’t know if they’ve made a copy, or what they’ve done beyond that,” he says.

“They will show you what you need to see so you’ll make your payment, and you’ve got no access to validate any of these things.”