Ransomware recovery efforts are ongoing at the National Gallery of Canada, one of North America's largest museums, following an April 23 attack that prompted an IT system shutdown, according to The Record, a news site by cybersecurity firm Recorded Future.
Some operational data has been compromised, but no customer data or payment systems have been impacted in the ransomware attack, which has not yet been claimed by any threat operation. While the incident has not halted the gallery's operations, many of its employees are working remotely while server restoration continues.
"Our core focus was on protecting personal or sensitive information and the safe operation of the gallery. ... We remain diligent in working swiftly toward a full recovery," said National Gallery of Canada Interim Director and CEO Angela Cassie.
The attack comes amid increased ransomware targeting of arts organizations, with the Metropolitan Opera compromised last December and various museums and orchestras impacted by the widespread WordFly attack last July.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
Threat actors could obtain several rootkit-like capabilities, including file and process concealment and compromised prefetch file analysis, by exploiting vulnerabilities in Windows' DOS-to-NT path conversion process, reports The Hacker News.
GitLab, the open-source DevOps software project, has also been impacted by the same security issue in GitHub comments that threat actors have exploited through Microsoft repository-linked URLs to distribute malware. The malware was made to seem to originate from credible entities' official source code repositories, according to BleepingComputer.