Fallout from the ransomware attack on Canvas used by thousands of universities

CHICAGO (WLS) -- A single attack brought a digital blackout to universities across the country. A former White House official says artificial intelligence was used in this attack. He says while the company paid to recover use of its system and for hackers to delete data they stole, pilfered personal information may still be circulating and many could be at risk.

"This ransomware problem is getting worse, not better. And with the use of AI almost, like, commoditizing hacking, it becomes very disconcerting," said Jake Braun, former White House deputy national cyber director and head of University of Chicago's Cyber Policy Initiative.

ABC7 Chicago is now streaming 24/7. Click here to watch

Braun said the ransomware attack on Instructure's Canvas educational platform is the latest in a long line of cyberattacks that are only increasing in frequency.

"We find out about the big ones like this, but I know in my time at the White House, the big story for us was all the attacks that weren't being reported, where folks just pay the ransom and move on," Braun told the I-Team.

He says ransomware attacks are one of the fastest growing and most profitable criminal enterprises in the world.

"We still think we're only hearing about a fraction of what's actually out there," said Braun.

The attack on Canvas delayed finals and locked out teachers and students from the platform with critical risks persisting, despite an agreement from its parent company to pay hackers to delete stolen data.

"One of the fastest growing groups in the world that's getting scammed online is youth, and so, I do wonder what these criminal groups will do with all this data to potentially swindle young people who are in college," said Braun.

He says as an educator himself, he's skeptical of any communications he receives from Canvas right now.

"I haven't opened one email one email since this happened, because I don't feel like I can trust what emails are real or not," said Braun.

He advises people to call their school IT department to confirm whether an email is legitimate, turn on multifactor authentication if possible, and only go directly to the Canvas website to log in to help ensure your data isn't falling into the wrong hands.

"We're more vulnerable than ever particularly with how AI is making this so much easier for bad guys," Braun told the I-Team. "Law enforcement is not resourced to go after these ransomware groups. If we want to actually get a handle on this... We need to be spending a lot more time and energy with federal law enforcement to go after these ransomware groups that are spread all over the world."

In an update from Canvas parent company Instructure, they said in their agreement with the hackers, the data was returned, they received digital confirmation of data destruction, and they have been informed no Instructure customers will be extorted as a result of this incident. Braun says this is another example of cyber vulnerability to not just bad actors looking for money but nation-states such as Iran, China, and Russia.