Russian cyber firm Dr.Web denies data leak by pro-Ukraine hackers
Russian antivirus company Dr.Web denied on Wednesday that its customer data was leaked during a cyberattack earlier in September.
The company released a statement after the pro-Ukraine group known as DumpForums claimed responsibility for the breach, stating they had stolen around 10 terabytes of data, including client databases.
In response to DumpForums, Dr.Web said that the information published by the hackers “is mostly untrue,” adding that user data was not affected during the attack and that there are no security risks for customers.
The hackers had said they had access to Dr.Web's network for a month and remained undetected. Among the services the group allegedly breached were the company’s corporate GitLab server, which stored internal projects, as well as the corporate mail server and software management services.
“All the company’s security improvement projects now seem to need protection themselves,” the hackers said.
As evidence of the attack, they provided links to several alleged Dr.Web databases. It is not clear if the information they contain is authentic.
Dr.Web said that it cannot provide more details about the attack so as not to interfere with the ongoing investigation by law enforcement.
“The attack was promptly thwarted, all services were disconnected from the network and underwent thorough inspection in accordance with security protocols,” the company said. “The hackers’ main goal was to demand a ransom from our company, but we do not conduct any negotiations.”
The company said it is “investigating screenshots posted in the hackers’ Telegram channels to identify compromised data.”
Dr.Web has been around for more than 30 years and is considered one of Russia’s largest domestic antivirus developers. Clients include Russian critical infrastructure operators, banks and telecom companies.
Following the cyberattack, Dr.Web was unable to update its virus and malware database for several days.
DumpForums has previously claimed responsibility for breaches of several Russian targets, including the national card payment system, a local cyber company, state agencies and an online pharmacy.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.