This week, the Russian anti-malware firm Doctor Web (Dr.Web) announced that it had disconnected all servers following a cyberattack on Saturday, September 14.
The company revealed it had detected “signs of unauthorised interference” in its IT infrastructure, and said the security breach had no impact on its customers.
“On Saturday, September 14, Doctor Web specialists recorded a targeted attack on the company’s resources. The attempt to harm our infrastructure was prevented in a timely manner, and no user whose system was protected by Dr.Web was affected,” reads a statement published by the company.
In line with its incident response procedure, the company promptly disconnected its resources from the internal network and launched an investigation into the incident.
As a result, the company was forced to temporarily suspend the release of its Dr.Web virus databases.
“For the time being, in accordance with the company’s security protocol, all resources are disconnected from the network so that they can be checked. Because of this, the release of Dr.Web virus databases is temporarily suspended. Our Dr.Web FixIt! service, its special pre-release version for Linux, is being used to diagnose and eliminate the consequences of the attack,” continues the statement. “This allows us to scan our resources more quickly. The release of virus databases will resume shortly.”
“The attempt to harm our infrastructure was prevented in a timely manner, and no user whose system was protected by Dr.Web was affected,” it added in a separate statement in English, published on its official website.
On September 17, the security firm resumed the release of its virus databases.
The company did not provide technical details about the attack and did not attribute it to any threat actor. It’s unclear whether the attackers stole data from the anti-malware firm.