Comment by jonstewart

9 hours ago

Backups are definitely helpful in ransomware incidents, but before systems can be restored and brought back online, victim organizations still need to assess the scope of the breach, find the initial access vector, identify compromised accounts, and evict the threat actor. That can take time.

I’m not certain, but it appears you’re giving Instructure a pass here, as if this is the first time they were hacked. But, it’s the second, by the same group.

As a parent of kids who are impacted by this, I’m not super concerned about the data being held for ransom, but I sure as fuck am concerned about how much it’s going to cost the district to move to another provider.

  • > I sure as fuck am concerned about how much it’s going to cost the district to move to another provider

    Does Canvas have cybersecurity insurance?

  • Not at all; standard IR procedure is scope -> containment -> eradication -> recovery. There is a fog right now; we don't know all the details. It seems to me that it's just as likely they weren't fully kicked out before or that the initial vulnerability wasn't remediated. You can't recover until the threat actor has been removed.