National Gallery of Canada recovering from ransomware incident

Canada’s national art museum has spent the last two weeks recovering from a ransomware attack that forced it to shut down its IT system.

The National Gallery of Canada – created in 1880 and currently one of the largest art museums in North America by exhibition space – first discovered the attack on April 23 and attempted to isolate the affected networks while hiring a cybersecurity company to conduct a forensic investigation.

The Canadian Centre for Cyber Security has also been involved in the recovery effort.

“We have taken this incident very seriously,” Interim Director & CEO Angela Cassie told Recorded Future News in a statement.

“Our core focus was on protecting personal or sensitive information and the safe operation of the Gallery. We appreciate that this incident is inconvenient and frustrating for our dedicated staff, the Foundation and some of our partners. We remain diligent in working swiftly toward a full recovery.”

The Ottawa-based institution has remained open to the public but many employees continue to work remotely while servers are rebuilt and access is slowly restored.

The organization said no customer data was stolen but confirmed that “some operational data has been lost.”

No ransomware group has taken credit for the attack.

According to the Ottawa Citizen, the art museum emailed its members on Tuesday morning to explain that their payment systems were not affected and they do not store full credit or debit card numbers.

“Please accept our apologies that, over the last 10 days, we have not been as fast in responding to your membership renewals, questions, and comments,” the email stated.

“We remain committed to high levels of member service standards. All members can still visit onsite, any memberships that expired in April will continue to be honoured until the issue is resolved, and all promotions will be honoured and extended.”

Arts organizations like the National Gallery of Canada have been frequent targets for ransomware groups eager to get their hands on customer information, with many believing they are more likely to pay ransoms because they need to stay open.

The Metropolitan Opera in New York was attacked in December, right as the popular opera house began its Christmas season influx where it handles about $200,000 in sales each day.

A wide-ranging July 2022 attack on WordFly, a tech company providing digital marketing, affected dozens of the most popular cultural organizations in several countries.

That ransomware attack damaged email and text message marketing services for organizations like the Smithsonian, the Toronto Symphony Orchestra, Canada Stage, the Sydney Dance Company in Australia, the Royal Shakespeare Company, the U.K.’s Old Vic Theatre and several other major organizations.