The company did not say what it had given the hacker group in exchange for the terms.
Instructure, the parent company behind Canvas, the education management platform reportedly hacked by ShinyHunters, has reached an agreement with the cyber gang, it said yesterday (11 May). Hackers had given affected universities until tomorrow (12 May) to negotiate a settlement.
As per the agreement, the cyber extortion group has returned stolen data and deleted copies, and has agreed not to extort the institutions affected in the hack, Instructure said. The company did not say what it had given the hacker group in exchange for the terms.
Reportedly formed around 2020, ShinyHunters has claimed responsibility for an array of high-profile, financially motivated attacks in recent years on groups such as Salesforce, Allianz Life, SoundCloud, Ticketmaster and Tinder-parent Match Group.
The group was linked to a breach of the European Commission’s Europa.eu platform in March, where 350GB of data, across multiple databases, was reportedly accessed and stolen.
It reportedly began targeting edtech giant Instructure late last month, which started noticing unauthorised activity in Canvas on 29 April, and later on 7 May.
ShinyHunters claimed responsibility for the attack and said it stole 280m records. The threat actor also published a list of more than 8,800 institutions that were affected by its attacks on Canvas. In a 3 May ransom note, it threatened to leak “several billions of private messages among students and teachers.”
In Ireland, the platform is used by the likes of University of Galway and Munster Technological University – both of which faced disruptions following the hack.
Instructure, at the time, said the stolen information includes user identifying information such as names, email addresses, messages and student ID numbers at affected institutions. It has reported the breach to the US FBI and the Cybersecurity and Infrastructure Security Agency and other law enforcement agencies, it said.
In its latest update, the company said that the unauthorised actor exploited an issue related to its ‘free-for-teacher’ accounts to hack Canvas. As a result, the feature has been temporarily shut down. Other services, however, are fully operational, it added.
“ShinyHunters timed this attack to sting as much as possible,” said Raluca Saceanu, the CEO of Smarttech247.
“With exam season underway and academic years drawing to a close, schools and universities needed Canvas working. That dependency gave ShinyHunters the leverage to lay out the terms of their deal. For Canvas, and its parent Instructure, it was agree to terms or lose customers.”
“While technical recovery time from ransomware attacks is accelerating, attackers are responding by shifting their focus and making the broader organisational consequences more damaging than ever.”
“It’s not just a question of causing as much potential damage as possible. From the attackers’ point of view, these newer approaches are faster, cheaper, stealthier and carry lower technical risk. And the core law of extortion anywhere holds – even if a victim pays, there’s no guarantee data won’t be exposed anyway, and the organisation has now marked itself as a valuable target,” Saceanu added.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
You must be logged in to post a comment Login