Instructure says it paid a ransom. SMH

"STATUS UPDATE 5/11/26

We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority."

"With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident. As part of that agreement:"

"The data was returned to us.
We received digital confirmation of data destruction (shred logs).
We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise."

'This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor.
While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible. We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved. We will continue to provide updates as that work progresses."

instructure.com/incident_updat…

s/nationwide/worldwide/

rnz.co.nz/news/education/59463…

Hackers are dedicated and clever people. They get what they're after.

But it always drives me spare that these people hack schools and pharmacies and the local council, but never Truth Social or Reform UK or pedophiles r us. 😮‍💨

interestingly, Shinyhunters removed the listing from their site¹. I attached a screenshot I found displaying the listing while it was still live (better than this screenpic lol).

With the recent Chipsoft hack by the same group, the removal of the listing by the site indicated negotiations by the hacked and the hacker were ongoing. Chipsoft likely ended up paying, since they report the data was deleted.

[1] for the curious, at your own peril: shnyhntww34phqoa6dcgnvps2yu7dl…

Sensitive content Clicca per aprire/chiudere

Yep! All for Finals week and Graduation week very soon.

Its basically their best possible timing as a ransom operation.

That's the interesting thing about being a greyhair in this industry. You've used enough different things to know they're all kinda crap and any kind of emotional buy-in to a piece of software isn't worth it because they all inevitably suck in the end.

Plus, y'know, no matter how annoying switching might be, at least you're not using AIX so it could be worse.

Sensitive content Clicca per aprire/chiudere

wait... what... I had assumed that was just some kinda dumb joke. 😐

reaches for the FreeBSD ISO he downloaded last month

Not entirely joking, "modern Linux " things like systemd is one reason I'm already looking at shifting some things to a BSD.

(Debian user since 1997, me...)

I still don't see how something like this could possibly be made to work.

Windows, Mac, fine - stop a service running and the whole thing crashes, but open source OSes, almost by definition, are about user choice. Don't want something running in the background? Fine turn it off, no bother.

If age verification is required, but likely is going to be on device, then we'll just make a service that says "Yes, over 18" when asked.
If age verification requires a third party cloud service, then well done they've just broken the internet.

Not that the BSDs are in any way a bad option, but don't forget that it's entirely reasonable to use Debian without systemd. I'm doing it now.

It's well-supported by active volunteers:

packages.debian.org/trixie/sys…

And there are other good options: Slackware and Alpine stand out. Gentoo is a bit heavy with its config syntax, but it's a super solid option.

we were a solaris shop until we made the switch to Red Hat.

Interesting times