UCCS data held for ransom in international Canvas cyberattack 

Around 2:20 p.m., Canvas was hacked by threat actor group ShinyHunters, disabling students’ ability to use the website in any capacity. The breach has impacted users nationwide. 
 
ShinyHunters is holding website access and website data as ransom, demanding affected universities contact them to negotiate a settlement by May 12, or else the group will release their data, including personal information about students and staff.  
 
Threat actor groups are organized networks that exploit digital devices and systems, according to IBM. They target organizations with more money and highly sensitive information. 
 
“When it comes to best cyber security practice, you do not pay that ransom,” said OIT Services Professional Brock Stamper. Stamper said this is to mitigate the idea that ransoms will work on an organization going forward. 

Stamper said Canvas data is compromised. This means any student IDs, names or files submitted to Canvas may be leaked. Personal devices and data — like passwords and Social Security Numbers — are safe and intact, according to Stamper. 
 
Instructure, Canvas’ parent company, disclosed that there had been a cyberattack May 1. After investigation, Instructure said the site was “fully operational” and that they were “not seeing any ongoing unauthorized activity.” 
 
Stamper said that it is likely that Instructure decided to not pay the ransom and pivoted to protecting themselves from further attacks. 
 
“In this case, it seems to not have worked,” said Stamper, mentioning that ShinyHunters proceeded to leak the data and shut down the website, attempting to extort the individual campuses. 
 
“Hundreds of institutions are being held ransom right now,” said Stamper. 

Other universities who have been affected over the last week include Duke University and Penn State
 
Stamper said it’s not possible to know when Canvas will be back up and running. OIT is currently tracking incidents on campus. 

Canvas’s home screen now reads that it is “undergoing scheduled maintenance.” 
 
With finals around the corner, Stamper said that the problem becomes more urgent. 
 
“I have a lot of big projects,” said sophomore communication major Autumn Otradovec. 
 
Otradovec remains calm as of now but said that if the problem continues into the weekend, she may start sending emails to teachers, asking for extensions. 
 
Sophomore accounting major Michael Tucker echoed this, adding he feels that if an issue like this happens again, the school should look into a platform other than Canvas. 
 
“It’s concerning how easy it seemed for a blackout to happen,” he said. 
 
Image of security message by Ava Knox.