Skip to main content
Emerging ThreatsMalware & Ransomware

Ransomware Gangs Test Trust with Data Deletion Promises

Locked cabinet with combination dial in a dimly lit, institutional office setting.

The recent Instructure breach affecting the Canvas learning platform has reopened a blunt question for victims of extortion: can the promises of ransomware gangs — specifically, promises to delete stolen data — ever be trusted?

How the Instructure breach frames the pay-or-not calculus

On the ISMG Editors' Panel, four editors considered that precise dilemma: the Instructure incident and "the broader implications of organizations paying ransom demands based on promises by a cybercriminal gang to delete stolen data." The discussion underscored a recurrent tension: the immediate operational pressure to limit disclosure and disruption versus the moral and strategic risks of negotiating with extortionists who offer deletion as the price of silence.

Security leaders' alarm over AI-accelerated attacks

Panelists flagged a related trend: security leaders "fear artificial intelligence is accelerating attacks faster than humans can respond." The conversation called out several AI-specific concerns that are changing defensive priorities — faster and more sophisticated attacks, the emergence of "shadow AI," and "non-human identities" — and noted "the growing urgency to adopt AI-driven defenses" as defenders try to keep pace.

Instant payments forcing a rethink of fraud prevention

The panel also examined how payments architecture is altering fraud risk. With the rise of instant payments and "increasing regulatory scrutiny," banks and fraud teams are being pushed to redesign programs for a real-time world. The editors emphasized a central tension in that redesign: balancing "customer convenience, fraud losses and accountability in real-time payment environments."

The editors, the weekly forum, and recent threads

  • Panelists: Anna Delaney, executive director, productions; Mathew Schwartz, executive editor of DataBreachToday and Europe; Suparna Goswami, executive editor; and Tom Field, senior vice president, editorial.
  • The ISMG Editors' Panel runs weekly; recent editions referenced include the May 1 installment on "North Korea's fake meeting crypto heists" and the May 8 edition about "the battle over access to frontier AI models."
  • The editors linked ransomware, AI-enabled threats and payments fraud as co-evolving risks rather than isolated problems.

What this means for security teams, regulators and banks

  • Security teams and technologists: will watch for AI-enabled acceleration of attacks and "the growing urgency to adopt AI-driven defenses" as they weigh whether traditional playbooks remain sufficient.
  • Policymakers and regulators: face pressure from "increasing regulatory scrutiny" around instant payments and may focus on accountability and controls in real-time payment environments.
  • Banks and fraud-prevention leaders: must reconcile the "tension between customer convenience, fraud losses and accountability" as instant payments shorten the window for detection and response.

The ISMG editors left a pointed ledger of risks: ransomware actors offering deletion as assurance; AI tools that can outpace human responders; and payment rails that compress time and responsibility. Each element tightens the decision space for defenders and executives alike. The practical question the panel returned to — whether organizations can ever reliably trust a criminal promise to delete stolen data — remains unresolved, even as defenders confront the accelerating pressures of AI and real‑time finance.

Read the original ISMG Editors' Panel discussion: https://www.govinfosecurity.com/ismg-editors-should-we-trust-ransomware-gangs-a-31704