On May 7, around 1 p.m., Canvas shut down across the country, affecting around 9,000 schools, including Las Positas College. Although service has since been restored, the LPC’s district is still advising students and employees to avoid using Canvas until further notice.
The cyberattack hit around early afternoon on May 7, leaving students confused, and professors scrambling to continue their classes without Canvas. Prestigious universities such as Harvard, MIT and Duke have also been affected.
Students nationwide opened Canvas only to find a message in white text on a black background, outlined by a red box. The message is from ShinyHunters, a ransomware cybercriminal group that’s behind the cyberattack. According to the New York Times, the group has previously targeted companies such as Ticketmaster, Microsoft and AT&T.
The message states that when ShinyHunters first breached Canvas over the last weekend. Instructure, the developer of Canvas, refused to contact the group to negotiate. Now, ShinyHunters is threatening to release all private information from Canvas.
Instructure has until May 12 to resolve the issue before ShinyHunters releases the information, which includes student IDs and “billions of private messages and other records,” according to MSNBC.
The message from ShinyHunters on May 7 also stated that “If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement.”
The Chabot-Las Positas Community College District sent out an email at 6 p.m. on May 7 addressing the issue, stating, “District is aware of malicious, extortion-style messaging that has appeared in Canvas.”
The IT department continues to monitor the situation and to work with Instructure to fully restore Canvas. By Friday morning, Canvas had been restored in the district. However, users were advised in another memo from the district, “Out of an abundance of caution, we strongly encourage everyone not to access the system until further notice from district and college representatives.”
The new memo from CLPCCD Chancellor Ron P. Gerhard states that access has been restored and the CLPCCD will continue to work with Instructure, the California Community College States Chancellor’s Office and internal Information Technology Services staff to “evaluate the nationwide malicious messaging impacting the Canvas system.”
Other CLPCCD systems, such as MyPortal, are functioning as normal and have not been compromised.
In both memos, Gerhard cautioned users not to click on unfamiliar links, download suspicious files, respond to messages from unfamiliar sources and to continue to use strong passwords. Any suspicious activity is to be reported to the LPC Information Technology Services’ Help Desk at helpdesk@clpccd.org.
Some concerns students have include what to do for asynchronous courses, how to contact professors and what the cyberattack means for upcoming assignments or tests. Currently, there is no information for these next steps as the issue is so recent, although some individual professors have been reaching out to students via email to provide guidance
The district will continue to send out more updates and guidance as more information is revealed and can be accessed at LPC’s CLPCCD Communications page found on the LPC website.
***
TOP PHOTO: Canvas has been restored, but the campus and the District are on alert after the cyberattack on Thursday.
Nuha Maflahi is the Campus Life Editor for The Express. Follow her on X @NuhaMaflahiLPC.
