According to the company, the cyberattack by an unknown group began on September 14 and was "closely monitored and kept under control". Then, on September 16, the attackers went further, undertaking "attempts of external illegal influence on the IT infrastructure" of the antivirus vendor.
According to the current security protocols, we promptly shut down the servers and launched a comprehensive diagnostics process. To analyze and eliminate the consequences of the incident, a set of measures was used, including the use of the Dr.Web FixIt! service for Linux. Based on the data obtained, we successfully localized the threat and made sure that it did not affect the company's clients.
On the morning of September 16, in line with security protocols, some of the company's resources were temporarily disconnected from the network for additional verification. Because of this, the release of Dr.Web virus database updates was suspended for a little over a day. By 16:20 on September 17, updates of the Dr.Web virus databases had fully resumed. No Dr.Web users were affected during this time.