In an attempt to coerce the business into paying their ransom, the hackers broke into the company a second time last week and vandalized the Canvas login pages on school websites. As part of the agreement, the hackers had given proof that the stolen data was erased and that Canvas clients would not be extorted, according to Instructure’s incident page late on Monday. Customers should not have to interact with hackers, the business said, acknowledging that there is “never perfect confidence” when interacting with cybercriminals. Instructure did not reveal the agreement’s financial parameters or the amount it paid the hackers. When contacted on Tuesday, Instructure spokesperson Brian Watkins declined to comment on anything other than the company’s statement or respond to inquiries regarding the arrangement.
