Cybercriminals paid to destroy stolen customer data after hacking universities

“We know that concerns about the potential publication of data related to this incident remain top of mind for many customers,” the statement from Instructure said.

“We understand how unsettling situations like this can be, and protecting our community remains our top priority.

“With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident."

It said the agreement will see the data returned to it and it has received digital confirmation of "data destruction (shred logs)".

It also said it has been informed that no Instructure customers will be extorted as a result of the incident, "publicly or otherwise".

It also said there is no need for individual customers to attempt to engage with the unauthorized actor.

“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible.” 

The company said it will continue to work with experts to support its forensic analysis, further harden its security, and conduct a comprehensive review of the data involved.

Instructure plans to issue detailed information on the cyber attack and its work tightening security with the company’s leadership team via a webinar on Wednesday.

Many Irish universities took the popular Canvas online education management system offline last Thursday following a cyber attack on its parent company Instructure.

University College Cork, Munster Technological University, Trinity College Dublin, and University of Galway are some of the Irish establishments where learning tools went offline on Thursday.

Notorious cybercrime gang, the ShinyHunters, claimed responsibility for this extortion plot.

The hackers managed to exfiltrate a “ferocious volume of data” – some four terabytes - from universities globally, Ronan Murphy, CEO of Smartech 247, a Cork-based cybersecurity company, told the Irish Examiner.

“They're a gang of Westerners, which is a mixture of both Europe and North America. They’re commercially minded young people who are quite technically savvy,” Mr Murphy said.

“You could categorise it almost as organised cybercrime.” 

The ShinyHunters were probably demanding in the region of $10 to $15m from universities in exchange for not leaking their data, he said.

The global cyber attack mostly struck the platform on Thursday night in Ireland, minimising interruption to staff and students.

Instructure said that Canvas is fully operational again and is safe to use.

The company said that core learning data was not compromised. But the attack did involve unauthorized access to some data, including information like usernames, email addresses, course names, enrolment information and messages.

Canvas is an educational management system in which teachers post assignments, grade work, and communicate with students, while students submit their coursework through it, check their grades, and access course materials.

Educational institutions can be targets of cyber attacks because they hold valuable data for cyber criminals, including verified names, addresses, phone numbers, email addresses and potentially financial information.

This data can then be used for crimes like social engineering attacks, identity theft and other online crimes like phishing.