Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week.
Gallery Systems was formed in April 2022 when it merged with Artsystems, a global leader in gallery and collection management software, and boasts an impressive client portfolio, including over 800 museums.
Notable users include the New York’s Museum of Modern Art (MoMA), the Metropolitan Museum of Art (Met), the Chrysler Museum of Art, the Museum of Pop Culture (MoPOP) in Seattle, the Barnes Foundation, the Crystal Bridges Museum of American Art, and the San Francisco Museum of Modern Art (SFMOMA).
In a customer notification shared with BleepingComputer, Gallery Systems said it suffered a ransomware attack on December 28th, causing the company to take systems offline to prevent further devices from being encrypted.
“On Thursday, December 28, 2023, certain computer systems that run our software became encrypted, which prevented them from operating,” reads the customer notification letter shared with BleeingComputer.
“We have been working around the clock to restore access to the software and we sincerely appreciate your patience during this time. We will be restoring your data with the last available backup.”
Some encrypted servers are responsible for hosting several Gallery Systems services, including the online public viewing platform called eMuseum.
Museums and colleges commonly use this service to create searchable online collections and exhibitions through emuseum.com subdomains, which are now offline while the company responds to the attack.
Gallery Systems says it has notified the law enforcement authorities and is conducting an internal investigation to determine the breach’s impact, promising to provide updates to clients when more info becomes available.
By the time of writing this, no major ransomware groups have taken responsibility for an attack on Gallery Systems, so the threat actors are unknown.
BleepingComputer has contacted Gallery Systems with questions regarding the cyberattack and its potential impact, but we have not received a response yet.
