photo by: University of Kansas

The skyline of the University of Kansas is pictured.

This is a new twist on KU’s Stop Day.

University of Kansas students on Friday – the day after regular classes ended, known as Stop Day – were temporarily stopped from turning in assignments, seeing schedules, and a host of other items.

The culprit wasn’t a school prank but rather a serious nationwide ransomware attack that impacted hundreds of universities.

The company that operates Canvas, a software system used by universities for student assignments, grade management and other topics, was disabled in an apparent ransomware attack.

KU was among many universities across the country that reported that its Canvas system was inoperable. The outage began Thursday afternoon. By about noon on Friday, KU Provost Arash Mafi said via email that the Canvas outage “appears to have ended.”

But Mafi, in an email to the university community, said the outage clearly had been disruptive to university operations at a critical moment.

“We recognize that this disruption affected teaching, learning, exams, and the submission of academic work,” Mafi said in the email.

The email provided instructions to faculty members stating that no student should be penalized for missed or delayed assignments that were dependent on Canvas access. Faculty members also were instructed to download a copy of their grade books – where student scores are kept – immediately.

Having access to those grades is critical at this time of year, as KU prepares to confer degrees at its commencement ceremony on May 17.

KU spokeswoman Erin Barcomb-Peterson told the Journal-World that the Canvas outage is not expected to have any impact on KU’s ability to confer degrees as scheduled.

Barcomb-Peterson also confirmed that KU did not pay any ransom to a hacker or a third-party to end the outage at KU. But such a ransom request appears to be at the heart of the outage. The Associated Press reports that the hacking group ShinyHunters claimed responsibility for the outage.

Students at Pittsburg State University, another Kansas college that uses Canvas, saw a ransomware message when they tried to log onto their Canvas accounts on Thursday. A message seen by the Journal-World said that ShinyHunters had hacked Instructure, which is the parent company of the Canvas software system. The message said, “if any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm, and contact us privately . . . to negotiate a settlement.”

The message said the hackers would start releasing private data of students by the end of day on May 12, if the matter was not resolved by the parties before then. The Associated Press has reported that information accessed by the hackers likely include student ID numbers, email addresses, and messages that students had shared with instructors and fellow students.

Thus far, there haven’t been reports of widespread releases of student data related to the hack.

The Associated Press reported that ShinyHunters is a loose association of teenage and young adult hackers in the U.S. and the United Kingdom who have been linked to other large-scale cyberattacks, including one on Ticketmaster.