Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools

Instructure also said it confirmed that the unauthorized actor exploited an issue related to its Free-For-Teacher accounts. The company has temporarily shut down those accounts.Instructure did not say whether it paid a ransom nor has it said what happened with the compromised data.Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.Hackers breached data days before the outageA hacking group calledShinyHuntersclaimed responsibility for the breach at Canvas, said Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft. The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said.The message that flashed on Polo’s computer screen urged individual schools to reach out directly to the hacking group to negotiate a settlement and threatened to leak data if they didn’t. She said that Canvas later took that message down, replacing it with a message saying the site was undergoing scheduled maintenance.Just before 1 a.m. Friday, Polo was able to submit an assignment on Canvas, but she now worries personal data has been compromised.Canvas went down just as deadlines were hittingThe outage happened just as a deadline arrived for semester-long projects in one of Gwyneth Doland’s journalism classes at the University of New Mexico.“They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.”That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs.“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

Instructure did not say whether it paid a ransom nor has it said what happened with the compromised data.Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.Hackers breached data days before the outageA hacking group calledShinyHuntersclaimed responsibility for the breach at Canvas, said Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft. The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said.The message that flashed on Polo’s computer screen urged individual schools to reach out directly to the hacking group to negotiate a settlement and threatened to leak data if they didn’t. She said that Canvas later took that message down, replacing it with a message saying the site was undergoing scheduled maintenance.Just before 1 a.m. Friday, Polo was able to submit an assignment on Canvas, but she now worries personal data has been compromised.Canvas went down just as deadlines were hittingThe outage happened just as a deadline arrived for semester-long projects in one of Gwyneth Doland’s journalism classes at the University of New Mexico.“They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.”That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs.“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.Hackers breached data days before the outageA hacking group calledShinyHuntersclaimed responsibility for the breach at Canvas, said Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft. The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said.The message that flashed on Polo’s computer screen urged individual schools to reach out directly to the hacking group to negotiate a settlement and threatened to leak data if they didn’t. She said that Canvas later took that message down, replacing it with a message saying the site was undergoing scheduled maintenance.Just before 1 a.m. Friday, Polo was able to submit an assignment on Canvas, but she now worries personal data has been compromised.Canvas went down just as deadlines were hittingThe outage happened just as a deadline arrived for semester-long projects in one of Gwyneth Doland’s journalism classes at the University of New Mexico.“They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.”That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs.“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

A hacking group calledShinyHuntersclaimed responsibility for the breach at Canvas, said Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft. The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said.The message that flashed on Polo’s computer screen urged individual schools to reach out directly to the hacking group to negotiate a settlement and threatened to leak data if they didn’t. She said that Canvas later took that message down, replacing it with a message saying the site was undergoing scheduled maintenance.Just before 1 a.m. Friday, Polo was able to submit an assignment on Canvas, but she now worries personal data has been compromised.Canvas went down just as deadlines were hittingThe outage happened just as a deadline arrived for semester-long projects in one of Gwyneth Doland’s journalism classes at the University of New Mexico.“They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.”That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs.“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

The message that flashed on Polo’s computer screen urged individual schools to reach out directly to the hacking group to negotiate a settlement and threatened to leak data if they didn’t. She said that Canvas later took that message down, replacing it with a message saying the site was undergoing scheduled maintenance.Just before 1 a.m. Friday, Polo was able to submit an assignment on Canvas, but she now worries personal data has been compromised.Canvas went down just as deadlines were hittingThe outage happened just as a deadline arrived for semester-long projects in one of Gwyneth Doland’s journalism classes at the University of New Mexico.“They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.”That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs.“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

Just before 1 a.m. Friday, Polo was able to submit an assignment on Canvas, but she now worries personal data has been compromised.Canvas went down just as deadlines were hittingThe outage happened just as a deadline arrived for semester-long projects in one of Gwyneth Doland’s journalism classes at the University of New Mexico.“They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.”That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs.“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

The outage happened just as a deadline arrived for semester-long projects in one of Gwyneth Doland’s journalism classes at the University of New Mexico.“They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.”That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs.“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

“They were a little hyperventilating,” recalled Doland, who extended the deadlines. “None of these platforms are fail-proof. I’m glad that they got that lesson.”That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs.“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

That the attack came with finals looming came as no surprise to Huseyin Can Yuceel, the security research lead at Picus Labs.“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

“Timing is everything, because they want to inflict pain as much as possible,” he said, “so they can extort money out of it.”Teachers said they had to find workarounds to help students study for exams and submit final assignments. Some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.Rod Uzat, a professor of Educational Leadership at the University of Texas Permian Basin, pushed back the posting of grades by a day.“The concern is for those of us who were doing the grading if there’s anything left,” Uzat said.Rhongho Jang, a computer science professor at Wayne State University in Detroit, was finalizing grades for a class of 94 students when the system went down. He keeps paper copies of the student exams, but all of the semester assignments, which make up half of the final grade, are done online.If those assignments and grades could not be recovered, Jang would have given his students full credit.“I didn’t want to penalize them,” he said. “We cannot judge based on the data we don’t have. The final responsibility is still on the server.”A reliance on tech makes schools vulnerableThe breach underscored how much schools depend on outside companies’ digital platforms to keep their operations running.“What it boils down to is concentration risk,” said Joseph Blankenship, a vice president and research director at Forrester. He said any space, including education, is particularly vulnerable when there’s only one or maybe two key providers hosting essential technology.Allan Liska, of the cybersecurity firm Recorded Future, said the outage did appear deliberate, not a glitch, and that Instructure was trying to figure out how widespread the problem was and make sure the hackers were no longer inside its system.“There’s no indication at this point that any ransom has been paid,” Liska said. “And it likely is still a little too early for a ransom to have been paid. You know, normally these negotiations kind of drag on for a while.”Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including Live Nation’s Ticketmaster subsidiary. ShinyHunters posted online that it was not commenting on the Canvas incident.ShinyHunters, or an offshoot, also was behind a previous smaller breach of Instructure, Liska said. Sometimes small breaches reveal weaknesses that threat actors later exploit in future leaks, said Yuceel, who likened it to a leak in a boat.“You fixed it, but you already have the water in the boat,” he said.

Source: SecurityWeek