In the midst of the high-stakes end-of-year season, a cyber attack wreaked havoc on several universities and schools across the United States, Canada and Australia, resulting in disruption, confusion and chaos.
The attack resulted in the academic software Canvas, which is used by thousands of schools and universities, going offline this week, and a hacking group called ShinyHunters took credit for it.
By 7th May, the company Instructure, which owns Canvas, posted an update on its website saying that Canvas was “available for most users”, but some universities were still reporting outages on Friday.
It’s estimated that 9,000 universities and schools around the world were affected by the cyber attack.
Mississippi State University announced that it will reschedule Friday’s final exams to give students who are impacted time to make up any work.
Students were sitting their final exam in a 2,900-word essay, and a ransom note suddenly appeared on their screens, said Aubrey Palmer, a student of meteorology at the university, to the BBC.
The message stated: “Shiny Hunters have broken the rules of Instructure (again).”
It would expose the stolen information if Canvas or the impacted universities paid a ransom in bitcoin.
When he saw it, “my knee‑jerk reaction was that I had hacked myself, because it looked like I had been hacked,” Palmer said. But then I actually read the ransom note and realised that it was Canvas that was being hacked.
The professor and dozens of students all had the note and were all looking around the room in confusion, Palmer said.
Initially, it wasn’t known if their work was salvaged.
The students quickly became frustrated, and Palmer said people became “angry at the idea of having to redo” their exams.
The university has since been sending emails to update students, reschedule exams and telling them to ignore any suspicious emails and instead responded to what the university said was a “nationwide security incident”.
Students were told by the University of Sydney on Friday that “Canvas was unavailable” and they were advised not to try to log in.
The university said in a statement on its website that it was one of about 9000 institutions worldwide that are affected by the outage and awaiting guidance from Instructure.
It disrupted students’ coursework and examinations, the university said, citing “how disruptive this is at a critical time in the semester”.
Idaho State University has cancelled exams after noon local time (1800 GMT) on Thursday.
But Penn State University, in a letter to students on Thursday, said that “no one has access” to Canvas, and that a “resolution” was not expected in the next 24 hours. The university has cancelled some of the exams that were planned to be held on Thursday and Friday.
The University of British Columbia (UBC) in Vancouver notified students on Thursday evening that the site is “unavailable due to a cyber breach of its parent company, Instructure”, and urged them to “log out immediately”.
The University of Toronto was also one of those hit, it said, noting that “multiple universities were affected”.
The University of California, Los Angeles, was having problems logging into assignments online using the Canvas platform, while the University of Chicago, Illinois, temporarily shut down its Canvas page after it came under attack.
The Chicago Maroon, the University’s student-run newspaper, shared a screenshot of a message from ShinyHunters that seemed to be seeking a ransom.
The message urged the university to reach out to the hacking collective in private “to negotiate a settlement of some sort” and to “not release their data”.
Northwestern University master’s student Jacques Abou-Rizk said he received a similar message when he clicked a link in an e-mail that seemed to be from a university official.
Abou-Rizk remembered saying to himself, “What is all this about? Abou-Rizk was not sure what was going on. He said to himself, “What is all this about? It’s a very frightening message to hear.
The university had “addressed” the matter on Thursday, sending out a generic email, seen by the BBC, which stated that Northwestern was “monitoring an issue”.
The email stated the university did not have an estimated restoration time for Canvas and that other IT infrastructure had not been affected.
“I still can’t access Canvas Friday and haven’t heard from the university since,” Abou-Rizk said.
“There’s definitely anxiety around not only being able to finish my work and I can get to the sites that I need to get to on Canvas,” Abou-Rizk said. But also, not being sure what the threat is, and how it might impact me.
“I don’t know what data they will make available, and that creeps me out.”
Northwestern has not yet commented on the story, and the BBC has reached out to the school.
In the past, ShinyHunters has been associated with a number of high-profile cyber attacks, such as a massive and devastating attack on Jaguar Land Rover last year, which caused significant economic damage.
The group started on Sunday, targeting the following threats and set deadlines of Thursday and 12 May, said Luke Connolly, threat analyst at cybersecurity firm Emisoft, in a chat with the Associated Press.
He said “extortion payments” conversations may be continuing.
The group did not reveal what it is going to do with the data it says that it has seized in the last attack.
Cyber attacks on Thursday came the same day that the top US Senate Democrat, Chuck Schumer, sent a letter to the Trump administration urging for more defence against cyber risks in the age of rapidly developing AI.
The Department of Homeland Security – the agency that helps ward off cyber attacks – “must immediately help states and localities”, Schumer wrote.
He went on to say that before Americans are met with outages, disruptions, and attacks that could put lives and livelihoods at risk.
