Brandon DrenonAnd
Joe Tidy,Cybercorrespondent, BBC World Service
A cyberattack has hit several universities and schools in the United States, Canada and Australia, causing chaos, confusion and major disruption in the midst of a high-stakes end-of-year period.
Hacker group ShinyHunters claimed responsibility for the attack, which caused academic software used by thousands of schools and universities to go offline this week.
On Thursday evening, the company Instructure, which owns Canvas, posted an update on its website saying that Canvas was “available to most users,” but some universities were still reporting outages on Friday.
Cyberattacks have targeted universities and schools around the world, affecting approximately 9,000 institutions.
Mississippi State University announced it is postponing Friday’s final exams to allow affected students to recover lost work.
Aubrey Palmer, a meteorology student at the university, told BBC students they had just finished a 2,900-word essay when a ransom note suddenly appeared on their screens.
The message read: “Shiny Hunters has violated Instructure (again). »
He threatened to release the stolen data unless Canvas or the affected universities paid a ransom in Bitcoin.
“My gut reaction was that I had been hacked myself, because that’s what it looked like,” Palmer said. “But then I read the ransom note and saw that it was Canvas that had been hacked.”
Palmer said the professor and dozens of other students all had the grade and everyone looked around the room in confusion.
At first it was unclear whether their work had been saved.
Frustration quickly spread among students, and Palmer said people were “so angry about having to redo” their exams.
The university has since informed students by email, rescheduled exams and advised them to ignore suspicious messages while responding to what it described as a “national security incident.”
The University of Sydney told students on Friday that “Canvas was unavailable” and asked them not to attempt to log in.
“We are one of approximately 9,000 institutions worldwide affected by this outage, and we are still awaiting guidance from Instructure,” the university wrote on its website.
The outage affected students’ classes and exams, the university said, recognizing “how disruptive this is at a critical time in the semester.”
On Thursday, Idaho State University announced that it had canceled exams scheduled after 12:00 p.m. local time (18:00 GMT).
Penn State University wrote in a message to students Thursday that “no one has access” to Canvas, adding that a “resolution” was unlikely to come “in the next 24 hours.” The university canceled some exams scheduled for Thursday and Friday.
In an update Thursday evening, the University of British Columbia in Vancouver informed students that Canvas was “unavailable due to a cyber breach at its parent company Instructure,” and advised them to log out immediately.
The University of Toronto also said it was affected by the breach, saying “multiple universities were affected.”
Students at the University of California, Los Angeles have had difficulty submitting assignments online through the Canvas platform, and the University of Chicago, Illinois, temporarily disabled its Canvas page after reporting that it was being targeted.
The Chicago Maroon, the university newspaper, published a screenshot of a message from ShinyHunters that appeared to demand a ransom.
The message encouraged the university to contact the hacking group privately “to negotiate a settlement” and avoid “disclosure of their data.”
That’s the same message Jacques Abou-Rizk, a master’s student at Northwestern University, said he received when he clicked on a link in an email that appeared to come from a university administrator.
“I didn’t know what was happening,” Abou-Rizk recalled. “That’s a scary message to receive.”
He said the university addressed the issue Thursday, sending a generic email, seen by the BBC, saying Northwestern was “monitoring an issue.”
The email stated that the university did not have an estimate of how long it would take to restore Canvas and that other IT infrastructure was not affected.
Abou-Rizk said he still couldn’t access Canvas on Friday and hasn’t heard from the university since.
“There’s definitely anxiety related to being able to not only complete my work and access the sites that I need to access on Canvas,” Abou-Rizk said. “But also, I don’t know exactly what the threat is and how it might affect me.
“I don’t know what data will be published and that scares me.”
The BBC has contacted Northwestern University for comment.
ShinyHunters has been linked to several high-profile cyberattacks in the past, including a major and economically damaging hack against Jaguar Land Rover last year.
Screenshots show the group’s targeted threats began Sunday, with deadlines set for Thursday and May 12, Luke Connolly, a threat analyst at cybersecurity firm Emisoft, told The Associated Press.
He said discussions regarding extortion payments may be ongoing.
The group would not say what it plans to do with the data it claims to have recovered in the latest attack.
Thursday’s cyberattacks came on the same day that the U.S. Senate’s top Democrat, Chuck Schumer, sent a letter to the Trump administration calling for more defenses against cyber risks in the era of rapid AI development.
The Department of Homeland Security – the agency that helps prevent cyberattacks – “must immediately help states and localities,” says Schumer wrote.
“Before Americans are hit with outages, disruptions and attacks that could put lives and livelihoods at risk,” he continued.
- Were you affected? Share your experiences here
With additional reporting from Rebecka Pieder and Nadine Yousif in Toronto.