There are several articles this week about the recent Canvas Ransomware event. For our campus, it occurred during the week before the last week of the spring term. That week is a big deadline week – usually writing assignments are due. We were disrupted – for a day. Canvas contacted all of the campus IT and Distance Learning administrators with the guidance to not have anyone try to log in. Our president also sent out a campuswide message. And we waited. I sent a campus email message to each of my classes to reassure – I’m not a deadline guy and my students already know that, but many indicated they appreciated the reaffirmation that all of my dropboxes are open until the last day of the class. Turned out, that worked very well and reduced any angst.
Many of us are on Canvas – it has 41% of the market share in higher education with over 9000 individual institutions. Plus some 3000 K-12 schools as well. And the sad reality is that any of the LMS solutions – as well as our various enterprise services on our campuses – are vulnerable to this type of an attack. In fact, with the arrival of AI, the risk of ransomware attacks has increased.
The culprit – ShinyHunter, has been around for several years – Wikipedia offers a useful briefing about this criminal organization - as well as a list of major ransomware attacks attributed to this group: https://en.wikipedia.org/wiki/ShinyHunters. Surprisingly, Canvas paid the ransom!! It is never recommended to do so. After all, can you trust anyone that hacked your website to begin with? And it is unclear where this money goes when paid – into the Dark Web for sure. We have been expecting Iran to increase its hacking efforts since the start of the War more than two months ago - and perhaps Iran is behind ShinyHunter?
Unsettling for sure. Initial reports indicate that Canvas had been dealing with this since May 1st – started with a part-time faculty member. Assuming it was his computer and ShinyHunter used it to gain access to Canvas.
So now we understand our campusIT’s obsession with cybersecurity, right? This kind of attack risk is everywhere and all at once. You would likely be shocked at the number of hacking attempts on your campus website daily. Many originate in China but increasingly, nefarious/criminal forces are emerging as the threat. Money to be made after all. Last fall, the State of Nevada IT structure was hacked – down for more than two weeks. We were never told what data was taken and IF a ransom was paid. So much for transparent government.
I hope that your disruption was minimal. I will continue to share any information I can find as Canvas has committed to a major investigation into its systems and security.
Recommended Reading
Instructure Pay Ransom To Canvas Hackers, Inside Higher Ed
Although the monetary value of the deal is unknown, Instructure says the cybercriminals have returned the hacked personal data and offered assurance “that no Instructure customers will be extorted as a result of this incident.”
How Higher Education Is Responding To The Canvas LMS Incident And Preparing For What’s Next, Educause
A recent ransomware attack on Instructure's Canvas LMS has raised concerns across the higher education community about cybersecurity, data privacy, third-party risk, and institutional preparedness
Building The AI-Ready Graduate, eCampus News
Artificial intelligence is already part of how students learn, and it is starting to change how work gets done. The question for higher education is how to ensure students understand what these systems are doing, not just the answers they produce.
What Will Gen Alpha Expect From Their Higher Ed Experience?, EdTech Magazine
While Gen Alphas were born entirely in the 21st century, the oldest among them grew up in the wholly digitally connected pandemic era, when snow days turned into e-learning days instead of fun. Those students may be more likely to expect hybrid instruction as their default higher education experience, along with seamless transitions between remote and in-person modes
AI As A Scaffold For Learning: From Access To Judgment, eCampus News
AI can enable deeper engagement, broader exploration, and iterative individualized learning at scale
Strategy Before Technology, CCDaily
Without intentional (AI )leadership, institutions risk widening existing opportunity gaps. Students with prior technological experience will continue to benefit, whereas others may graduate without the skills required to navigate an AI-enabled workplace.
Video of The Week
Faculty: Use NotebookLM For Your Research And Prep Work, YouTube
