Should Companies Pay Hackers?

The Growing Debate Around Ransomware Payments

A recent cyber incident about Canvas hack has reignited a difficult question for organisations facing ransomware attacks: should companies pay hackers to prevent stolen data from being released?

The company responsible for the widely used Canvas learning platform has confirmed it reached a settlement with the threat actors behind last week’s cyber attack, which caused significant disruption for thousands of universities and colleges worldwide.

The incident affected around 9,000 educational institutions across the UK, US, Canada, and Australia, with some exams and academic activities impacted when Canvas services became unavailable.

According to reports, the attackers claimed to have stolen approximately 3.5 terabytes of data belonging to students and educational institutions and threatened to release it publicly.

The developer of Canvas, Instructure Inc has since stated that an agreement was reached with the attackers. The group has reportedly deleted the stolen information and committed not to target students or institutions with further extortion attempts.

However, cybersecurity and law enforcement agencies generally advise against making payments to cybercriminals, as doing so can encourage future attacks and provides no independent assurance that compromised data has actually been destroyed.

Paying cybercriminals is never a guarantee

Even when a ransom is paid:

There is no certainty that stolen data has been deleted.
Attackers may still retain copies of the information.
Organisations can become targets for future extortion attempts.
Payments could help fund further criminal activity.

This highlights an important reality of modern cyber threats: prevention, detection, and response planning remain critical.

Businesses should ensure they have:

Strong security controls in place
Regular backups
Incident response plans
Tested recovery procedures
Ongoing cybersecurity awareness

When organisations are faced with ransomware demands, decisions often need to be made quickly and under significant pressure. Having a well-prepared incident response plan can help reduce both business disruption and the likelihood of being forced into difficult decisions.

Cybersecurity is not just about preventing attacks, it is about being prepared for how to respond when they happen.

If you have been impacted by this or would like to discuss this further, please contact us today.

Speak to an expert

Share this Article:

System Breach, Security, Linux, Copy Fail, Vulnerability

News

Linux “Copy Fail” Vulnerability: Why It Matters for Your Business

The Linux “Copy Fail” vulnerability has raised concern across the security community. Read our overview of the risk, how it works, and what organisations should do next.

Insights

From Annual Pen Tests to Always-On Exposure Management

Most organisations rely on annual penetration testing, but lack visibility in between. That gap is where risk grows. CTEM is changing how organisations approach continuous exposure management. Explore the full article to learn more.

Insights

PCI DSS: Why Employee Churn Matters

When staff leave, knowledge often leaves with them. This article explores how high staff turnover quietly undermines PCI DSS compliance, where the risks appear, and how organisations can strengthen resilience despite change.

Speak to an Expert

Call us on +44 (0) 203 393 7795

We value what our customers think of us

Blackfoot are authentic, hard-working, flexible and committed. Finding a partner who has our best interests at heart, one who tries to find solutions that work for us as a customer is like gold-dust. I now consider Blackfoot as part of my trusted partner network for any future projects.

"As our business has expanded so quickly, we have had to learn and implement new policies, processes, controls internally and externally, upskill staff and manage 3rd parties differently, it’s been a heck of a learning curve. During the onboarding and kick off meetings the support exceeded what I was expecting. The support from Blackfoot was amazing."

I was very impressed with your project managers persistence and attention to detail. She clearly understood the technical side of the testing and was very patient and polite when chasing up due to slow / delayed responses on our side. Overall, the approach gave me confidence that the testing was being planned carefully and that Blackfoot were helping us get the best out of the plan.

"I’m pleased to have seen the account progress, I know your consultants have dedicated a lot of time to the project and I’m excited to report back to their transformation director in the new year around their latest level of data security and privacy maturity based on the investment they have made"

“ I would like to add my thanks as in previous years you have really supported us and helped us to renew our certification and the entire process has been smooth and painless, we are most grateful."

Get The Latest Industry News

We’ll keep you informed about potential risks and vulnerabilities that could impact your digital assets.