A Canvas cyber attack disrupts 9,000 schools and universities across the United States, Canada, and Australia this week as the hacking group ShinyHunters claimed responsibility for a ransomware strike on Instructure, the parent company of the academic software platform. Final exams were cancelled. Ransom notes demanding bitcoin appeared on student screens mid-exam. The Canvas cyber attack disrupts 9,000 schools and universities during the highest-stakes period of the academic calendar.

How the Canvas Cyber Attack Disrupts 9,000 Schools and Universities

Aubrey Palmer, a meteorology student at Mississippi State University, told the BBC she had just completed a 2,900-word exam essay when a ransom note appeared on her screen. The message read: “Shiny Hunters has breached Instructure (again).” It demanded a bitcoin payment and threatened to release stolen data. Palmer was in a room with dozens of other students. All received the same message at the same moment.

The Canvas cyber attack disrupts 9,000 schools and universities at the worst possible time. Mississippi State postponed Friday’s final exams. Idaho State cancelled everything after midday Thursday. Penn State told students no resolution was likely within 24 hours. The University of Sydney instructed students not to attempt to log in. UCLA students could not submit assignments. The University of Chicago temporarily disabled its Canvas page. The University of Toronto confirmed the breach. The University of British Columbia told students to log out immediately.

Instructure posted an update late Thursday saying Canvas was “available for most users,” though some universities continued reporting outages on Friday as the Canvas cyber attack disrupts 9,000 schools and universities well into the weekend.

The Student Experience of the Canvas Cyber Attack Disrupts 9,000 Schools

Jacques Abou-Rizk, a master’s student at Northwestern University, clicked a link in an email that appeared to come from a university administrator. The ransomware message appeared. “I didn’t know what was happening,” he told the BBC. “It’s a scary message to receive.” By Friday, Abou-Rizk still could not access Canvas. The university had sent a single generic email saying it was “monitoring an issue.” No restoration time. No information about compromised data.

“There’s definitely anxiety surrounding not only being able to complete my work,” Abou-Rizk said, “but also just not knowing exactly what the threat is and how it might affect me. I don’t know what data will be released, and that scares me.” The Canvas cyber attack disrupts 9,000 schools and universities at a moment when grades, submitted work, and personal information sit on a platform that was breached by a group with a history of releasing stolen data.

The Ransomware Group Behind the Canvas Cyber Attack

ShinyHunters has been linked to several high-profile attacks, including a major hack on Jaguar Land Rover last year. Luke Connolly, a threat analyst at Emisoft, told the Associated Press that screenshots showed targeted threats began on Sunday with deadlines on Thursday and 12 May. Discussions regarding extortion payments could be ongoing. The group targeted Instructure specifically. By hitting the parent company rather than individual universities, the Canvas cyber attack disrupts 9,000 schools and universities through a single point of failure.

What Comes Next

The attack coincided with a letter from Senate Democratic leader Chuck Schumer urging the Trump administration to increase cyber defences. Universities will now audit their software dependencies. The lesson of the Canvas cyber attack is that a single platform can paralyze an entire institution.