Liberty Brooks | Contributing Writer
Canvas is back online today after a cyberattack, but Florida International University students still cannot access the platform.
On Thursday, students across the globe opened their Canvas platform to see a ransom note left by the cybercriminal group ShinyHunters.
The cyberattack shut down Canvas during finals week for many schools, blocking millions of students and professors from accessing and submitting assignments.
Most FIU students finished finals on April 25 and were not directly affected by the security breach.
However, FIU Law finals were scheduled to end today, without access to the platform.
Current updates from Instructure, the parent company of Canvas, say most users regained access, but users of Student ePortfolios will still encounter difficulties logging in.
Further, FIU students still cannot access Canvas as of Friday while the university’s cybersecurity team reviews the platform’s security. Access will be restored after the review.
A statement from FIU on May 8 shared that difficulties with entering Canvas are causing a variety of issues for the incoming summer A semester starting on Monday, May 11. The outage blocks professors from accessing and preparing coursework. Students cannot access course information or syllabi to prepare for the semester.
University officials plan to restore access by 9 a.m. Saturday, May 9. Summer classes will start Monday, May 11, as scheduled.
According to the software security company DoControl, ShinyHunters is responsible for hacking into over 400 different organizations since their inception in 2019.
The group’s name is in reference to the game Pokémon, and they have often used a Shiny Umbreon for their public profiles.
Some of the companies ShinyHunters hacked into include Google, Ticketmaster, Rockstar Games, Pixlr, Microsoft Github, Crunchyroll, and Wattpad.
ShinyHunters also targeted Ivy League schools like UPenn, Princeton, and Harvard before the recent attack on Canvas.
In order to break into company platforms, ShinyHunters often attempts to appear as the company by creating fake login pages and sending phishing emails to employees. When users provide their sign in information, the hackers use the customer login to breach their accounts and steal their data.
After infiltrating an organization’s platform, ShinyHunters usually asks for ransom; if victims do not pay the ransom by their deadline, ShinyHunters sells the information to the highest bidder on the dark web.
In response to the Canvas breach, Chief Information Security Officer for the cybersecurity company Arctic Wolf explains users should be especially careful when opening messages and opening links, exercising caution before entering personal information into any site.
“They really need to watch out especially for social engineering attacks. These are the types of attacks that come as emails, texts, direct messages that look innocuous, but they’re really someone trying to trick you, defraud you, do something to further this crime, and so what they want to do is create a sense of urgency to get you to not think, not pause and just act quickly.”
He also explains that attackers like ShinyHunters use these social engineering attacks to gather information from thousands of victims instead of just one company or individual.
Despite being an incredibly active group notorious within the cybersecurity community, only a few members of the group have been arrested thus far.
In May 2022, Sébastien Raoult, French programmer and member of ShinyHunters, was arrested and extradited to the United States. He was charged with 3 years in prison and over $5 million in restitution charges, along with conspiracy to commit wire fraud and aggravated identity theft.
In court, Sébastien said, “I understand my mistakes and I want to put that part behind me. No more hacking. I don’t want to disappoint my family again.”
After being released from prison in December 2024, he returned to France to face local charges, along with further monitoring to prevent further criminal activity.
Last summer, French authorities arrested four other suspects. However, investigators still do not know how many members of the hacking groups remain.
About Post Author
