Today’s story aims to introduce you to the dark romance of the Russian underworld – especially Russian cybercrime: extortionists, leaked databases, the critical importance of monitoring & incident response, and what really hides behind the shiny marketing of “cybersecurity.”

Based on real events. All names changed, companies/brands anonymized (except actor Vladimir Vdovichenkov from “Bumer 2”, the black BMW X5, my first Apple iPhone, and a full-keyboard BlackBerry).

So, Bumer. Film Two.

Released in 2006 when the first part was already a massive hit. The main theme became ringtones for thousands. We watched Part 1… during a Social Studies class in IT college 😂

Context: watch at least the first 17 minutes with English subs. In the director’s cut (5–7 min) there’s a deleted scene: “Cat” (Vladimir Vdovichenkov) to the prison boss – words I’ll never forget:
“Why did you kill a good guy… he had only several months left to parole…”

The film’s key symbol: material dream of the boys — a black BMW X5.
Premiere: March 7, 2006 (Russia & Kazakhstan). My first university year. One year later I met Vladimir Vdovichenkov… at the traffic police getting plates for new cars. Mine – bronze Hyundai Accent from dad. His – guess two times 😏

Real events hit in 2013. Age 25. Left bank cybersec tech role, became pre-sales manager (cybersecurity focus) at a big IT integrator. Preparing million-dollar tender proposal: TCO, architecture, vendor & client calls.

14:00 – buried in Excel. Hear boss: key outsourced customer hit by massive DDoS. Business down, terminals in richest regions offline, top management in panic.

Google search → volunteer to help. No standard playbook → sent to “hold the dying man’s hand.”

15:00. Racing with tech manager. Explain problem & solutions on the way. Found Frostbyte (our partner) & Shieldex in 5 min. Call A.Zvizdilov – get a storm of swearing: “We won’t protect this client for any money – he accused us of staging the attack.” Calm him down, agree. Fix with AE: if client says yes – protect at list price + standard discount, no haggling.

16:00. 30th floor business center, view almost like Central Park NYC. Present options: SECaaS optimal, on-prem “free” but limited, hybrid best of both. Draw scheme on whiteboard.

17:00. Chemistry with CIO. Panic fades, reason returns. Action: whitelists, collect terminal IPs piece by piece, BGP tunneling, extra firewall, approval, prod. 3 intense hours. Order pizza.

21:00. Pepperoni, black soda, mood up. Reroute traffic, wait for DNS prop, test, tune. Not instant – another ~5 hours, but calm & professional. Business restored.

04:00 next day. Watch sunrise together. Handshakes, go home.

09:00. Call through sleep: tender manager — “Where’s TCO?!” Deadline 18:00. Aggression: “I need it NOW!” Shave, shower, wipe tears of frustration.

10:00. Proposal sent, I’m on the carpet — restrained but pissed.

Outcome: bonus (bought first motorcycle), ride in boss’s black BMW X5, personal coaching from him. Built deep trust with CIO – became their trusted architect. Shared expertise, built IR plans.

Later attack on customer DB via web server — they were ready. Detected leak via read spike in Storage monitoring, blocked channel in time. It turned out to be just a couple of lines of malicious code injected into the website. Who could have done that? 🤔

Peak twist: I’m on client side, defending them to authorities & R.Borodach (Frostbyte investigations head) — “All measures taken, no admin liability for data breach.”

3 years on: R.Borodach arrested. Frostbyte: “No known violations,” fired same day. Still serving sentence.

Moral (short & hard):

1. Control ALL your assets. Even a simple landing page can be entry point. Never mix public & business flows. Think 10× about risks before publishing.

2. Store data only on Enterprise-Ready Storage. Invest in monitoring & response processes – saves nerves, time, and proves innocence when shit hits the fan.

3. Read my blog, take ownership, but stay away from gray zones. Respect the law. Ignorance is no excuse.

Resources: Mobylnik (soundtrack)

Movie or real life — which is crazier? Drop thoughts below.