Instructure pays ransom to Canvas hackers

Instructure has paid a ransom to the hacking group ShinyHunters following two cyberattacks on its Canvas learning management system, which compromised data of approximately 275 million users. The payment led to the return of data and service, confirming the company’s response to the ongoing security breach.

According to an update published by Instructure on Monday night, the company confirmed it paid a ransom to the cybercriminal group ShinyHunters after the group hacked Canvas twice within a week and a half. The hackers had threatened to leak personal data, including names, email addresses, and student IDs, affecting over 8,800 institutions and 275 million users.

The company stated it received digital confirmation that the hackers destroyed the compromised data, evidenced by ‘shred logs,’ and assured that no Instructure customers would be extorted publicly or privately as a result of the incident. The ransom payment, whose monetary value was not disclosed, was made just before the May 12 deadline imposed by the hackers.

Following the ransom, Canvas was fully operational by May 5, but the hackers resumed attacks on Thursday, disrupting access again and issuing a message warning that more leaks could occur if demands were not met. Instructure’s CEO, Steve Daly, acknowledged the incident and pledged to improve communication and security measures moving forward.

Why It Matters

This incident underscores the growing threat of cyberattacks targeting educational institutions and service providers. Paying ransom raises questions about cybersecurity practices, potential incentivization of criminal groups, and the risks to sensitive student and institutional data. The breach also caused widespread disruption during critical academic periods, highlighting vulnerabilities in data security and crisis management within the higher education sector.

Cybersecurity Geek Computer Science Software Engineer T-Shirt

Tech Professional Career design. Computer engineer gifts for men who like gifts for computer geeks and computer security…

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background

Over the past year, cybercriminal groups like ShinyHunters have been linked to significant data breaches at major universities, including the University of Pennsylvania, Princeton, and Harvard. The group’s infiltration of Canvas, used by 41% of North American higher education institutions, marks a notable escalation in targeting educational technology platforms. The incident follows a pattern of ransomware extortion campaigns that threaten to leak large volumes of private information unless demands are met.

“Last week, we made a call to get the facts right before speaking publicly. That instinct isn’t wrong, but we got the balance wrong. We focused on fact-finding and went quiet when you needed consistent updates. You’ve been clear about that, and it’s fair feedback. We will change that moving forward.”

— Instructure CEO Steve Daly

“Instructure has not even bothered speaking to us to understand the situation or to even negotiate with us to prevent the release of this data. Our demand was not even as high as you might think it is. The Company seemingly does not care about all the students affected and the institutions impacted by this data breach.”

— ShinyHunters ransom group (via published messages)

Data Shredder Stick – Secure Data Wiping Tool for Windows, Permanently Erase Files and Wipe Drives with Military-Grade Precision

Securely Wipe Hard Drives – When files are deleted from hard drives, they are placed in unallocated space…

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What Remains Unclear

It remains unclear how much the ransom payment was, whether any additional negotiations occurred, and what specific security measures Instructure has implemented since the incident. The full scope of the data affected and the long-term impact on user trust are still being assessed. Additionally, the extent of ongoing threats or future attacks has not been publicly disclosed.

What’s Next

Instructure is expected to continue forensic investigations, enhance its cybersecurity defenses, and provide further updates on the incident’s impact. The company may also review its crisis communication strategies and consider additional security audits to prevent future breaches. Monitoring of the hackers’ activities and potential retaliatory actions will likely follow.

Data Geek Information Analyst Gift Idea Software Data T-Shirt

With the diagram of data analysis and a humorous saying, this data analyst clothing is ideal for showing…

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Did Instructure publicly confirm paying the ransom?

Yes, Instructure confirmed it paid a ransom to the hacker group ShinyHunters, though it did not disclose the amount.

What data was compromised in the Canvas breach?

The hackers claimed to have accessed personal information of users, including names, email addresses, and student ID numbers, affecting over 275 million users across thousands of institutions.

Will the data be leaked publicly?

According to Instructure, the hackers confirmed the data was destroyed after the ransom was paid, and the company received proof of this destruction. However, the threat of future leaks remains uncertain.

How did the breach affect students and universities?

Many universities postponed final exams and project deadlines as they responded to the disruption caused by the breach and the hackers’ demands.

What are the implications for cybersecurity in education technology?

This incident highlights the vulnerability of educational platforms to ransomware and data breaches, emphasizing the need for stronger security measures and crisis response protocols.