Seems like ransomware is getting traction, since I was asked for my opinion on the topic 3 times last week.

What is going on with ransomware, how to deal with it and is it going away? Short answer – no. Here is why.

It is a business thing

First-time founders think having an awesome product is the most important thing to succeed. Once they mature a little bit, they find out marketing and distribution are the real deal.

10 years ago, it was pretty popular to extort ecommerce and content companies with DDoS attacks. I personally had the “pleasure” of dealing with this issue 3 times. Two times we were able to blackhole the DDoS traffic and implement what we called a hillbilly CDN; once the customer decided to pay.

Let’s take a look at the problem from a business perspective. Using DDoS as a product, you have to act in real time to create pressure and you have to solve payment infrastructure (anyone remember eGold or payment in vouchers?). Scaling was hard as your DDoS infrastructure has only a certain capacity. DDoS capacity was changing very fast as your hacked machines were of interest to other groups. This business didn’t scale well and distribution was hard.

Since extortion is a multinational technological industry with agile transformation (like a shady Amazon), the need for transformation was here. Payment infrastructure (part of the distribution problem) was solved by BTC. Side note – BTC is not anonymous and it seems this is not a problem. The product was here – encryption malware, and this product scales very well compared to DDoS (e.g. when you have 1000 victims in the pipeline your cost of service does not grow linearly). Early versions of most ransomware had issues (remember it is an agile industry) with weak encryption algorithms, keys stored in memory etc. Probably the normal developer thing – not invented here, I will make my own cipher suite. This was eliminated by using industry-standard encryption algorithms.

Product-market fit was easy. Encrypt and extort. There is churn (e.g. 40% will not pay as they have backups, 20% will not pay as they do not have resources – you can provide discounts) – you get the idea. 

I mentioned it is an agile industry and here is the thing – you need faster distribution (a bigger pipeline for your churn), and over the last two years I saw offers like this multiple times: introduce our ransomware to your corporate environment and get 30% of profits (business thing – commission-based model). Another model – start your own ransomware with our platform. We will handle payments and create ransomware packages; you will take care of support and find victims (franchise/sometimes MLM model).

You can see – ransomware is really just a business. You have customer support, development, finance people etc. and probably even some board meetings. :)

To conclude – there is great product-market fit, profits are here and most businesses can’t compete with an agile tech industry (see newspapers vs Facebook, local shops vs Amazon).

It is a political problem

If there are countries which support ransomware gangs, provide legal infrastructure (or decide not to enforce the law) and even profit from ransomware (North Korea, Russian intelligence units), the situation is not going to change. It is relatively harmless to profit from ransomware: there is not going to be military action in response to a ransomware attack (so far; in the future this will change) and investigation takes a long time. Worst case scenario – you will play the diplomacy card. Cost/benefit analysis speaks for ransomware.

It is a technical problem

The technological landscape in the average household and organization is getting more complex every year. Just think how many new devices you got in the last two years. For corporations it is worse. Cloud has removed the perimeter and remote work moved security boundaries to the homes of your employees. Shadow IT is omnipresent – it is not just that people bring their own cell phones. Your data are in various services like dashboards, note-taking apps etc. All these things create a super-complex landscape.

And cybersecurity is constantly failing. Why is cybersecurity failing – that’s a topic for another time. Long story short – cybersecurity does not scale well and the immediate response is always more compliance and rules instead of root cause analysis.

A lot of cybersecurity problems can be solved by proper hygiene and that is where almost every company is failing – asset management, monitoring and incident response. At least 50% of the organizations I speak with talk about what kind of countermeasures they are doing, what tools they are buying. Rarely do I hear about incident response, resilience, reliability and continuity planning. It is almost as if most people do not plan for failure and act surprised when an incident happens.

Why is ransomware getting traction now?

1. Ransomware is a commodity and the requirements for entering the business are low – almost no technical skill required.

2. Complexity of the landscape is increasing every year (read: more things to attack and more ways to get access), which helps fill the extortion pipeline.

3. Little readiness for incidents – no backups, no incident handling planning, zero focus on resilience.

What’s next?

More ransomware, of course. The difference is, it is going to be more present for industrial organizations. How many manufacturers are not going to pay ransom if they must deliver just-in-time? When ransomware hits targets like Colonial Pipeline or other critical infrastructure, how probable is it that they will not pay the extortion? I heard a few times that things are going to change, there will be legislation and new regulations. Might be, but that is what we have been doing for the last 20 years. Are we more secure?

If you are not planning for an incident, buy some BTC; there is a good conversion rate these days.

For historical reasons and out of my own laziness, the company domain was owned by the registrar. When I started consolidating domains under subreg.cz, the last thing left was the transfer of the .sk domain.

How to do it (SK retard version):

  1. obtain user status (1x postal mail to SK-NIC) – form F1;
  2. change the holder (1x postal mail to SK-NIC) – form F6;
  3. request a change of registrar (1x postal mail to SK-NIC) – form F5;

I assume the original holder also has to send their part of form F6.

Total time: two weeks, domain price: 351.42 Kč/year. (prices are from subreg.cz)

For comparison, transferring a .cz domain:

  1. obtain the authid, which arrives by e-mail;
  2. give the authid to the registrar;

Total time: a few minutes, domain price: 145.00 Kč/year.

What does sk-nic.sk do, and how come nic.cz has projects like Turris, Datovka, Knot DNS, BIRD and the like?

There were questions from my friends about my fancy office, equipment, organization and so on. So, as I am lazy and do not want to tell it to each of them separately, I’m going to write about it.

My philosophy is simple – if a computer is your shovel, do not skimp on your shovel.

Pictures usually say more than descriptions so here we go.

Physical and computer desktop

I would like to have a 4k display but the cheap ones I tested suck (HDMI 1.4 and 30 Hz) and the expensive ones are, well, expensive. Organization of the computer desktop is simple – the left display is for communication and in general things that do not require attention; the vertically oriented ones are treated as one big screen – left is usually the browser and Sublime Text, right are terminals. If I’m writing some report, right is the document, left is notes, terminals and so on.

Since I’m syncing most things via Owncloud and a local NAS, with Puppet for configuration, the Macbook Air is on the desk only for charging. I use it only in coffee shops, on client sites etc.



Actually one of the most important rules (your back will thank you later) – don’t skimp on this. Mine is from M1 shop. In the shop they are able to provide you with some special tweaks based on your body type.

Cabling and mounting

I don’t like cabling on the floor so I bought some organizers – mostly based on Velcro – and mounted them under the desk.

To achieve better positioning, more space on the desk and a cleaner look I decided to mount the displays on the wall.


I like the little upgrades I did to the desk – for example this “integrated” USB.


But in the end, the best tuning is to have a separate desk for experimenting, connecting temporary computers and so on.


A bookcase is important. Many people tend to think that everything is on the Internet. Trust me – it is not. But from this certain bookshelf it is. :)

