After cyber attack: Dr. Web took server offline

The Russian antivirus manufacturer Dr. Web has taken its update servers offline following a cyberattack.

Criminals attack server, admin tries to pull the plug

(Image: created with AI in Bing Designer by heise online / dmk)


The Russian antivirus manufacturer Dr. Web has fallen victim to a cyberattack. As a result, the company disconnected all resources from the network, including the servers responsible for delivering signature updates. Normal operations have now resumed.

Dr. Web announced the incident on Tuesday. According to the report, employees detected a targeted attack on the company's resources last Saturday. The attempt was stopped in time. Systems belonging to users of the anti-virus software were not affected.

The company's emergency protocol for such cases is to disconnect company resources from the network and investigate them. As a result, the Dr. Web databases were temporarily offline. The company then used its own "Fixit service" to examine the servers. Over the course of Wednesday, the company documented the incident in a further blog post.

According to this, the attack took place on Saturday and was discovered on Monday. The company then disconnected its IT systems from the network and initiated a security check. The incident was investigated using the company's own analysis software, and its effects were analyzed and corrected. The data collected made it possible to isolate the threat and ensure that customers remain unaffected. On Tuesday evening, the virus signature databases went back online, the company explains.

Dr. Web does not provide any details about the attackers, the attacks themselves, the affected systems or any further effects. Apparently, no external expertise was called in either.

Providers of IT security software are also increasingly coming under fire in everyday cyberattacks. On Tuesday, for example, it became known that there had been an IT security incident at Fortinet. This resulted in a leak of customer data.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.