Gallery Systems, a company that provides software solutions for museums, has revealed that its recent IT disruptions were a result of a ransomware attack. The company, formed in April 2022 through a merger with Artsystems, a prominent figure in gallery and collection management software, serves an extensive client base, including more than 800 museums.
Prominent users of Gallery Systems’ software include The Crystal Bridges Museum of American Art, Barnes Foundation, Chrysler Museum of Art, Metropolitan Museum of Art (Met), Museum of Modern Art (MoMA) in New York, Museum of Pop Culture (MoPOP) in Seattle, and the San Francisco Museum of Modern Art (SFMOMA).
Gallery Systems communicated to customers that it had experienced a ransomware attack on December 28th. In response, the company took its systems offline to mitigate the risk of additional devices being encrypted.
The customer notification letter, shared with BleepingComputer, states:
“On Thursday, December 28, 2023, certain computer systems that run our software became encrypted, which prevented them from operating…We have been working around the clock to restore access to the software and we sincerely appreciate your patience during this time. We will be restoring your data with the last available backup.”
Services offline
Several Gallery Systems services, including the online public viewing platform named eMuseum, rely on encrypted servers. This platform is widely used by museums and colleges to establish searchable online collections and exhibitions through emuseum.com subdomains. These services were taken offline as Gallery Systems addressed the aftermath of the ransomware attack.
The company says that it has taken steps to notify law enforcement authorities and is actively conducting an internal investigation to assess the impact of the breach.
Attractions such as theme parks, zoos, museums and FECs all have significant cyber exposure, meaning that the industry could be a target for cybercrime, according to Robert Kluth, an expert on speciality insurance for the leisure sector. Writing for blooloop, he said:
“With high footfall and large numbers of payment card transactions, it’s no surprise that the leisure industry has become a prime target for cybercrime…Attacks can take many forms, including data breaches from unauthorised access, theft of payment card information, malicious software and denial of service attacks.”
