The Canvas breach is a new kind of ransomware disaster


Higher education has long been a target of ransomware gangs and data extortion attacks. But perhaps never before has a cyberattack against a single software platform completely disrupted the daily operations of thousands of schools across the United States.

Widely used digital learning platform Canvas was placed in “maintenance mode” on Thursday after its maker, edtech giant Instructure, suffered a data breach and faced an extortion attempt by attackers using the moniker “ShinyHunters.” Although the hackers have been announcing the hack and trying to extract a ransom from Instructure since May 1, the situation took on added immediacy for ordinary people across the U.S. and beyond on Thursday because Canvas’ downtime caused chaos at schools, including those in the middle of final exams and end-of-year assignments.

Universities such as Harvard, Columbia, Rutgers, and Georgetown have sent alerts to students about the situation in recent days; other institutions, including school districts in at least a dozen states, also appear to have been affected. In a list posted by the hackers behind the attack on their ransomware-focused dark web site, they claim the hack affected more than 8,800 schools. However, the exact size and extent of the breach is currently unclear. The fact that Canvas was down throughout the afternoon and evening on Thursday added to the complexity of the picture.

In an ongoing incident update log that began on May 1, Steve Proud, Instructure’s chief information security officer, said the company “recently experienced a cybersecurity incident committed by a criminal threat actor.” He added on May 2 that the “relevant information” of “users at the affected institutions” includes names, email addresses, student ID numbers, and messages exchanged between users on the platform.

The situation was eventually marked as “resolved” on Wednesday, with Proud writing that “Canvas is fully operational, and we see no ongoing unauthorized activity.” At midday Thursday, however, the Instructure status page recorded an “issue” where “some users are having difficulties logging in to student e-portfolios.” Within a few hours, the company added another status update: “Instructure has placed Canvas, Canvas Beta, and Canvas Test in maintenance mode.” Late Thursday evening, the company said Canvas was once again available to “most users.”

TechCrunch reported on Thursday that hackers launched a secondary wave of attacks, defacing some schools’ Canvas portals by injecting an HTML file to display their own message on the schools’ Canvas login pages. According to The Harvard Crimson, the attackers modified the Harvard Canvas login page to show a message including a list of schools that the hackers claim were affected by the hack.

The message from the attackers “urged the schools on the affected list to consult with a cyber consulting firm and contact the group privately to negotiate a settlement before the end of the day on May 12, or risk having their data leaked,” The Crimson reported. “It is unclear what information related to Harvard affiliates was included in the alleged breach.”

Instructure did not immediately respond to a request for comment about Thursday’s outage and how it fits into the larger picture of the breach. But the situation is significant given that a massive trove of student information was potentially exposed, and the nationwide visibility of the incident makes it a prime example of a long-standing, but endlessly escalating, problem of data extortion and ransomware attacks.

The name ShinyHunters is associated with massive data dumps and has been linked to the notorious hacker group known as the Com. But as the cast has changed over the years, many attackers have taken on the most prominent nicknames associated with the Com. A number of recent attacks have invoked other names, like Lapsus$, with little or no connection to the original group operating under the name.
