The Storm

Speaker 1: So the Costa Rican government got hacked. Not one department, not one website, pretty much the whole thing. Shut down by a ransomware attack. Not that there's ever a great time for an unprecedented cybersecurity breach of a nation's entire government, but the timing on this one was extra bad, as it took place right as a new president, Rodrigo Chavez, a former finance minister, was sworn into office. One of his first measures, signing a law declaring a national emergency, usually reserved for natural disasters, for this hack. Usually reserved for the second week in power. Normally, you gotta wait, like, ten days before you drop one of these. Now for this hack that had essentially shut down the government. To turn it back on, the hackers, a group called Conti, wanted $10,000,000 for the decryption keys. But this is different than most ransomware attacks. Not just because it's a government, which Conti and other groups have done before, and not just because they really truly managed to shut down the government, which would itself be novel. This one's different because of why this all happened, and what Conti did when Costa Rica refused to pay. Which is to suggest that if Costa Rica's government wouldn't pay the fee to decrypt these files and turn back on the government, well, the Costa Rican people should just overthrow them. Staging a coup as a ransomware negotiation strategy, that is new and attention grabbing. And slowly, it started to become clear that the attention grabbing is maybe the point. More than the money, more than staging a ransomware revolution, it's starting to look like maybe this is specifically about the attention, about distracting the world while Conti transformed into something new. So we called up Leon Weinstock, the director of the Costa Rica office of the law firm BOP and a specialist in data and privacy protection law, to talk about the legal and political fallout of all this, and importantly, why you would hack a country, here on Hacked.

Speaker 2: For the LOLs.

Speaker 1: When you first bumped into this story, was your sense they did this for the LOLs?

Speaker 2: Yeah. It was like the the first thing because it was like they were demanding, like, x million dollars. They had taken over, like, a bunch of, like, serious government services. And then and then, like, this was right when it was happening, like, day zero. And and then they were just like, you know what? Maybe we want the government out of power. It's like and it just, like, seemed like they were like, yeah, we got enough money from doing this to other people. Like, now we want to cause social revolution. Like, just because, you know, that's a cool thing to have done in your life.

Speaker 1: Yeah. Maybe just sort of casually staging a coup is what we feel like doing on Tuesday. So forget the money. Let's just go with the coup.

Speaker 2: Exactly. If if at least that's how it came across initially. It was like, you know, hey. If you don't pay, that's fine. We're just gonna get you thrown out of power by, like, destroying the government. And it was like, okay. Like, may it like, why not?

Speaker 1: Well, I think at first, that was sort of intentional, and it's just gotten weirder from there.

Speaker 3: So it is difficult at this time to know the consequences. It is being said that there be they may last for several months or or or years.

Speaker 1: So my first question for Leon was basically, like, bird's eye view, how bad has this been?

Speaker 3: Right now, the the all the consequences are not, known or have not happened yet because, for example, in customs, there it is getting slower to export or import products. It being said that the government will be able to collect less taxes. Also, there isn't a lot of information of, what information is really compromised or and or if the government will be able to restore the information. There isn't any formal communication right now. All that we have are speculations.

Speaker 1: So the hack took place in April, April 12, and it basically shut down Costa Rica systems for collecting taxes, their systems for paying pensions, and importantly, as we've been discussing, a lot of the systems overseeing their exports and imports process and for paying government employees. To date, the finance and labor ministries still can't access any kind of computer systems. The timeline here is interesting. April 12, Carlos Alvarado Quesada, the former president, was still in power. And it wasn't until after May 8 when Rodrigo Chavez takes over when he says, okay. I'm gonna declare this state of emergency, and this story kind of starts to go public.

Speaker 3: Also, there was an emergency declaration in Costa Rica. We have a law for emergency that usually, it was it has been used for when there is, for example, a natural emergency, earthquakes, a lot of rain or or there that this allows the government to refrain from complying with some formal procedures and to obtain budget from for from other purposes or to make faster procedures. So this was the first emergency integration for a cyber attack.

Speaker 2: One quick clarification. So the attack had begun under the old president, And it was kinda like, here's the keys to the car, sorry about its condition, and, like, exit stage left. Like, that's kinda what happened. Like, oh, by the way, the government's under a crazy information security attack.

Speaker 1: It looks like that.

Speaker 2: And, have Yeah. Have fun. Enjoy. Wow.

Speaker 1: So the Costa Rica hack is a double extortion hack, which we've talked about before, where they want payment not just to decrypt the encrypted systems, but then a second payment, to not leak the data publicly.

Speaker 3: What what it is true that we can say right now is that they have more than one month without the information, and they have not been able to restore the information or the systems.

Speaker 1: It's interesting. Since Costa Rica happened in April and this story went public, Conti, the gang, has actually gone on to hack another country, Peru. But that hack is useful in that it reveals what's novel about this one. In Peru and most other, like, nation state hacks, the gang hasn't been able to block access to those core essential systems for any super long period of time. They haven't been double extortion schemes. They're mostly just pay us or we'll leak this information. Costa Rica is pretty unique because they've truly shut down access to government systems for well over a month now.

Speaker 3: However, the difference or the main difference, for example, between Costa Rica and Peru is that, for example, in Peru, they were not able to block the systems. As far as I know, they were only able to to to to obtain information, and they were requesting a payment to refrain from discovering the information. But the they have been they have not blocked the systems. So this is, like, the main consequence in Costa Rica.

Speaker 2: So Peru kept Peru kept operating kind of as is? Like, they're they restored from backup and kept moving ahead dealing with, like, the crisis on the side of their desk. Is that kind of the the vibe?

Speaker 1: Yeah. The damage in Peru, I haven't read as much about that one, but what I've read is that it's not nearly as bad as what's happening in Costa Rica. The the thing that's unique about Costa Rica in a lot of ways is just how rough this is turning out to

Speaker 3: be. Mhmm.

Speaker 1: So April 12, Costa Rica gets hacked. May 8, the new president takes over and says, hey, this situation's pretty bad. We're gonna need some kind of legal authority to do something here. I'm declaring this national emergency. So I asked Leon, why would you do that? As he explained it, it kinda comes down to the laws surrounding negotiating with a ransomware hacker as a government. If your stuff gets hacked, you can choose to pay or to not pay. If you're the CEO of a big corporation, you can choose whether or not to write that check. Whether you should, interesting question, but the choice is still yours. But if you're a person working in the government, it's legally very difficult to pay that ransom even if you wanted to. You can't really spend that much money with without a corresponding line item in a budget. And when that line item is for ransom for decryption keys, we have zero guarantee we'll actually ever get. It gets even more complicated. Leon, again, a lawyer explained to me that there haven't really been any negotiations with Conti, because negotiating with Conti would be an actual crime.

Speaker 3: And to be honest, as far as I know, I don't know if there were some backdoor negotiation, but negotiations. But as far as I know and I have heard, there have not been any negotiation with with county because also the, for the government to proceed with the payment, it's almost impossible because the laws here require a budget and you have to proceed with a formal payment. It's not like you can proceed with a payment to a guy like this or a criminal organization. So negotiations have not even started as far as I I have been publicly known. Let's assume that you find the budget. You you will be receiving an invoice. You will sign an agreement. You will how you how you are sure that you are going to receive the, keys from the payment, all those aspects that usually are being discussed when you are negotiation negotiating with a cyber criminal in a cyber attack. All those aspects, when you are a public government, are much more difficult to to solve because at the end, if it is a private company, the the CEO will say, okay. Thank you for the information. Assume the risks. But for the president to say that, that may be considered a crime for the president to authorize this payment. So any president will sign any payment that may get him into jail.

Speaker 1: So since April, the state is somewhere between refusing and incapable of negotiating with Conte, which is when Conte decides, okay. We're gonna ratchet up the pressure in this very public, very attention grabbing way. First, they start dropping leaks, this big 672 gigabyte file on the dark web. But importantly, and this is kinda when we found this story, they make these first posts. These posts starting to threaten to delete the decryption keys paired with this very unique threat.

Speaker 4: The first one goes, we appeal to every resident of Costa Rica to go to your government and organize rallies so that they would pay us as soon as possible. And And if your current government cannot stabilize the situation, maybe it's worth changing it.

Speaker 1: And that provocative idea of if they won't pay us, maybe you overthrew them sparks the first wave of media coverage. Then it was followed by another post on May 17 where they really drive the point home.

Speaker 4: They write quote, We are determined to overthrow the government by means of a cyber attack.

Speaker 1: That gets more coverage. They see it's working. They do another one.

Speaker 4: I once again appeal to the residents of Costa Rica to go out on the street and demand payment.

Speaker 1: If they won't negotiate with us, overthrow them. But here's what's, like, pretty interesting about that. In the weeks following that first May eighth announcement, Conti starts really up upping the pressure. But even as they're doing that, again, there's no evidence that they're negotiating in any way with the Costa Rican government. Even as they're making increasingly public calls for the people of Costa Rica to overthrow that government, they're not talking to the government. So Conti has publicly posted that they've requested $10,000,000 for the decryption keys that would basically turn Costa Rica back on. And I was curious for Leon's opinion on this. Like, $10,000,000 in the context of this isn't that much money. Right?

Speaker 2: Well, you imagine just imagine paying a bunch of public servants to do nothing for a month and then paying them all to catch up for all the work that wasn't done in that month. $10,000,000 would be like a steal of a deal in most countries anyway.

Speaker 1: It would be in Costa Rica as well, which makes you wonder, is this really about the money?

Speaker 3: I'm not sure if this was ever for the money because, unfortunately, the damages for Costa Rica right now have been much more higher than 10,000,000. So the if there was $5.10, $15,100, the situation will be the the same. So I'm not sure about the what the expectation of this case because, also, the security measures in Costa Rica from the central government were very, very low, so it was a not so difficult attack for 20, but also, it is known that for a government, like, for in Costa Rica's structure, it will be impossible to pay. So, to be honest, to know the purposes of the attack, it's really difficult. Some some news have said that it was like a decoy.

Speaker 2: So this is like a this is like a like a sandbox almost. Like, they're just trying to bait them into paying the 10,000,000 so that they're in violation of some law and gets them thrown out of power and put in jail.

Speaker 1: Oh, interesting.

Speaker 2: Some long, like, con.

Speaker 1: A long con. It's a long con. It's not that long con, but that's an interesting long con. That brings us pretty well back to Conti. We're not gonna do a deep dive into who Conti is. That would be its own whole thing. But what you need to know is that Conti is something between a strain of ransomware and a ransomware gang that uses this specific software product they've developed. They are a very big fish in the world of private Russian cybercrime gangs. There was some early speculation when this all started that because Costa Rica had aligned itself with Ukraine that in the context of that war, maybe this was a political gesture, any friend of our enemies is our enemy type thing.

Speaker 3: Mhmm.

Speaker 1: But it looks like that's probably not it. In 2021, Conti extorted a $100,000,000 from the victims, making them one of the bigger ransomware gangs in the world. But it's when they really publicly backed the Russian invasion of Ukraine that things started to actually kinda get messier for Conti. At the start of this year, Conti published a post on their website supporting the Russian invasion. Anyone who opposes it opposes Conti. We are on the side of this war. Which in retrospect, is kind of a pretty big mistake for Conti and would go on to have really huge implications for Costa Rica. Because a month later, in response to this support of the war on February 28, someone hacked Conti. A revenge hacking. An anonymous Twitter account called ContiLeaks released more than 60,000 chat messages between different members of the gang. They released their source code for the Conti ransomware, ware, internal documents, their org chart. All of this gets published publicly. It was one of the largest leaks of a cybercrime gang ever. Accompanying this big leak, three words, glory to Ukraine. And suddenly, the world has a really, really good look at how Conti was organizing itself, how it worked, and its political and economic goals. Suddenly, this group that was really good at hanging out in the shadows had a huge spotlight shining on top of it. And for the first time, we got a great look at how one of these huge gangs really operate. Conti has an HR department. It has administrators. It has coders and researchers. It has best practices and policies for how hackers should access their source code. It has basically a CEO, this guy code named Stern. The exact number of membership ebbs and flows over time, but it's about a 100 people, and they earned about a 180,000,000 in revenue last year.

Speaker 2: Like a proper organized crime syndicate.

Speaker 1: With this very popular product, this ransomware strain that bears their name. But it starts to become clear over the last few weeks that announcing their support for the Russian invasion of Ukraine was kind of a miscalculation. First, it led to them getting hacked, leaked, and exposed. Then The US placed a $15,000,000 bounty on the kinda top brass of Conti folks like Stern. And that's all happening right as Russia's seemingly endless support for these groups was starting to get kinda iffy. We talked about this in the our evil episode. Russia used to turn a blind eye to the private hacking gangs inside of Russia as long as those gangs didn't target Russians. But following the start of that war, that sort of implicit immunity hasn't quite been so steadfast. Russia's proven willing to arrest Russian cyber criminals if they get too much attention on them, which Conti had. And suddenly this big apex predator was starting to look like prey. Their brand had become toxic. So with their most vulnerable, this infamous international hacking game goes off and pulls off this unprecedented shutdown of a foreign country, Costa Rica. And they're making just a ton of noise about it, pushing for these negotiations that they know won't happen, earning a ton of press by calling for people to topple the state if the state doesn't pay which it can't, which Leon again pointed out was never gonna work.

Speaker 3: I do not think that there was a political dimension on this because we are proud and it's true that the Costa Rican demographic system is very strong to take down the government. Costa Rica had not happened in eighty years more or less or more. We thankfully have a very a very strong democratic system, so I think that that was a impressive strategy of

Speaker 1: Conti has essentially engineered a press spectacle with this ransomware attack more than an opportunity to make profit right as they're at their most vulnerable, which raises the question of why. And then ten days ago, it's looking like we got an answer to that.

Speaker 2: Do tell.

Speaker 1: Right after the break. Starting some new isn't just hard. It can be downright terrifying. You put a lot of work into a thing. You're not entirely sure it's gonna work out. You're taking a huge leap of faith. I've started a few things. Now I know I was right for believing in, you know, the idea, the product, despite all of those fears and hesitations. But boy, does it sure help when you have a partner like Shopify on your side. Shopify is the commerce platform behind millions of businesses around the world and 10 of all e commerce in The US. From household names like, well, hacked podcasts merch, to brands just getting started, you can get started with your own design studio with hundreds of ready to use templates. Shopify helps you build a beautiful online store that matches your brand style. Did I mention that that iconic purple shop pay button that's used by millions of businesses around the world? I don't know why I wouldn't. I should. It's why Shopify has the best converting checkout on the planet. It also helps boost conversions, meaning less carts, sort of getting abandoned in the parking lot, and more sales for you. It's time to turn those what ifs into sign up for your $1 per month trial at shopify.com/hacked. Go to shopify.com/hacked. One more time, that's shopify.com/hacked.

Speaker 5: No one goes to Hank's for spreadsheets. They go for a darn good pizza. Lately though, the shop's been quiet, so Hank decides to bring back the $1 slice. He asks Copilot in Microsoft Excel to look at his sales and costs and help him see if he can afford it. Copilot shows Hank where the money's going and which little extras make the dollar slice work. Now Hanks has a line out the door. Hank makes the pizza. Copilot handles the spreadsheets. Learn more at m365copilot.com/work.

Speaker 6: I wrote a little song to remind you, Choice Hotels get you more of the experiences you value.

Speaker 2: The Cambria Hotel's got it all. A rooftop bar. Have a bar.

Speaker 6: Bring a date, your squad, or even your mom. Book direct at choicehotels.com.

Speaker 2: We gather here tonight to bring women back to their rightful place.

Speaker 7: The Testaments, a new Hulu original series From the executive producers of The Handmaid's Tale.

Speaker 8: It's easier to accept a story than believe that the people around you are monsters.

Speaker 7: The battle isn't over.

Speaker 9: There comes a time when you have to take action, when you have to choose your own destiny.

Speaker 7: Watch the new Hulu original series, The Testaments, streaming on Hulu and Hulu on Disney plus for vinyl subscribers. Terms apply.

Speaker 2: What a nightmare for the incoming president.

Speaker 1: Oh, can you fucking imagine? Like, you take over, and they're like, by the

Speaker 2: way FYI, here's the keys. Also, the car is infested with malware, so you on fire.

Speaker 1: Enjoy your new your Toyota. It's full of bees. It's just hornets and bees all the way down halfway.

Speaker 2: I was like when you were describing it, I was like, I feel like like, if it is illegal to pay these guys and buy them out, I feel like there's a there's a there's a conspiracy theory deep inside of there, being like the outgoing president who didn't wanna lose, you know, set the plant for this,

Speaker 3: and blah blah

Speaker 8: blah.

Speaker 2: And now Sure. Now the new incoming president either has the option of shutting down the government Oh. Or being thrown from power for turning the government back on. It's like, what a lovely what a lovely situation to find yourself in on the first day of office.

Speaker 1: Oh, yeah. And you'll know if you'll know if the next guy committed a crime if everything works again.

Speaker 2: Like, you can you can tell. Yeah. That's very clever. So there's a there's a deep seated, what's it called in there somewhere? Conspiracy theory in there for the conspiracy theorists around about.

Speaker 1: A conspiracy inside of this very conspiratorial story.

Speaker 2: Exactly. There's a deeper level.

Speaker 1: Yeah. There's a deeper level. It's like we're three twists deep right now, and you're like, hold up. Hold up. Hold up. What about

Speaker 2: Let's go deeper.

Speaker 1: So there's this cybersecurity firm called Advanced Intel, and they kinda crack this whole thing open. Ten days ago, they publish a post with some news about Conti. News about this gang right as they're in the middle of this nation state scale hack. The Conti ransomware gang has shut down. Their operation is down, their infrastructure is taken offline, and team leaders are telling people this brand, Conte, is no more. The question is, like, why would you hack Costa Rica right in the middle of all that? Because we know it's not about the money because these negotiations are illegal, and we can be pretty confident it wasn't to topple the government. So why would you do all this damage if you're just gonna shut down anyway? In an interview with BleepingComputer, one of the main researchers at Advanced Intel, Yosiliy Bogoslowski, told him his theory, and I think it's a pretty good one, Which is that Conti conducted this very public attack to create a facade of this really thriving, ambitious operation, while all the membership snuck off to other smaller ransomware operations. Operations without multi million dollar bounties on their heads, without giant embarrassing leaks and huge spotlights beaming down on them. To quote Yaceli the researcher, the only goal Conti had wanted to meet with this final attack was to use this platform as a tool of publicity, like performing their own death and rebirth in the most plausible way it could have been conceived. The agenda to conduct the hack the attack on Costa Rica for the purpose of publicity instead of ransom was declared internally by the Conti leadership. The number they wanted was made up, the negotiations weren't real, the purpose of the hack was a lie. It was a publicity stunt to distract the world where they ran off. So where does that leave the players in all this? First, we've got, you know, Conti. Boleslavsky told Believing Computer that instead of rebranding as another large ransomware operation, the leadership had instead made partnerships with a bunch of smaller ransomware gangs who they would sort of transition all their teams to to then keep conducting attacks. Smaller ransomware gangs get a bunch of really experienced Conti pen testers and negotiators and operators. The Conti group gets a bunch of mobility and a bunch of kind of evasive space to maneuver against law enforcement by splitting into these smaller sales. They basically shuffle off this big toxic brand name. The gangs get new talent. Everyone in that community wins. And then there's the other half of this, Costa Rica, who unilaterally loses in this situation. There's no one really for Costa Rica to negotiate with anymore, Even if, the new president's emergency measures gave them some kind of legal authority to do so, those decryption keys are probably gone, like, lost in this chaos, behind which sits access to the entire government's back end. Leon pointed out to me that even if they could turn these systems back on, they're now months out of date and need to be basically rebuilt.

Speaker 3: This will have to be rebuilt again because the if it has passed a lot of time right now, there will be another monthly declaration of the VAT in the beginning of June. It is clear that this this will continue the same, and this will be very, very difficult to to restore because as time passes, you also let's say that you can recover the information as of April 18. But right now, you have to review one month and a half. It will be almost two months. And as time goes going keep keeps going, it may be more difficult to rebuild all the information. We are not talking about two invoices per day. We're talking about a lot of information.

Speaker 2: Well, could you imagine trying to do taxes without the system that manages taxes? Yep. Like, imagine there's, like, big paper registers being filled out right now to track because the government still needs revenue. I'm imagining they've got some emergency, like Sure. Funds coming in from the IMF or something to help deal with this. But, like, at the same time, it's like, I couldn't even imagine trying to reconcile national taxes back into a data system and expect the data to go in cleanly. Like, it's a surprise that it even works when it's all functioning, let alone, like, trying to rebuild it off of, like, whatever they're doing, spreadsheets or paper registers or however they're whatever Band Aid solution that they've, you know, spun up to help deal with it.

Speaker 1: So, really, all you can do is rebuild. Yeah. And Leon doesn't think they're likely to get those keys. He wishes they would, obviously, but seeing what's happened to Conti, he doesn't think it's super likely.

Speaker 3: Given that we are in the middle, of the storm, of Conti's storm, it will be difficult to estimate what will happen with the cost of reconveneres. It's not that they will okay. We are separating. Okay. I will give you the the keys to reestablish your information that will not happen.

Speaker 2: It it's almost like, what's the harm now? You know? Yeah. If Conti's mostly gone, somebody must have the keys. You know? They didn't throw them away. You know? Like, they're sitting on somebody's thumb drive. Like, you you assume selfish greed would take over at some point, and somebody who has possession of them would just be, like, yeah. 10,000,000? Sure. Here it go. Like like, who doesn't want $10,000,000 for somebody that's sitting on their thumb drive? Like, I just assume greed would would solve this problem.

Speaker 1: So we wrapped up by talking about what this is probably gonna mean for Costa Rica moving forward. This was a publicity stunt for Conti, but it has been the exact opposite for Costa Rica. They have been identified as a victim of a cyberattack. They have been identified as being vulnerable in news story after news story, as being kind of this first, a whole nation declaring a national emergency for a cyberattack. It is a bad look that makes them look like a really good target. So they have to rebuild. But now they have to rebuild way stronger than they were before because now they have a reputation as being vulnerable. So if they don't, this is probably gonna happen again.

Speaker 3: So this was the first emergency operation for a cyber attack or for a non natural disaster. This may give the government more flexibility to solve the the situation and also to build a stronger system, because at the end, if we can put in place all the information for this attack, unfortunately, we have been in the news all over the world, and and we are right now being known as the systems that lack a lot of security measures. So if we reestablish the system but do not improve all the missing points of the security standard that we have, we, for sure, may receive another attack. So, this is very important.

Speaker 2: This is a shot across the bow at, I think Yeah. Most major governments. Like Mhmm. Their data is inherently vulnerable. Like, Like, you can implement systems and duplications and hot sites and millions of ways millions of dollars worth of ways to try and make sure that your data stays good. But, like, you know, tape backups, you know, classic. Put it on a tape, put that tape in a safe. Can't can't can't get to that. But the, you know, seeing a nation be crippled so quickly by by by pretty, like I don't wanna say it's basic malware, but, you know, malware that harasses my auntie. Yeah. Yeah. Similar similar similar data systems that that harass, like, you know, layman, and they're like, you know, family photos to, like, shut down a nation and turn off of its, like, financial systems. Like, that's a big deal. You know, so I think there's probably the CIO and CSO of every major government, or every government probably, read those news articles on day zero and probably went, oh. Like, yeah. Yeah. Thank God this isn't us. Completely. We've heard about it heard about it happening in hospitals, police services, intelligence associations and agencies. You know, it's it's I don't know. The more we lean on it, the more vulnerable it becomes. You know?

Speaker 1: Leon's hopeful that they're gonna be able to rebuild. He's hopeful that this kind of an extreme situation is an opportunity to get their, you know, cybersecurity house in order to, you know, sort of transform themselves like Conti is from being a target into being, like, too much trouble to target. And like you said, it's probably a really good lesson for the rest of the world. If what this story tells us is that these independent groups have reached a level of, like, power and capability where they can kind of just shut down a whole country just for the publicity of it, just to rebrand, You gotta wonder what they're gonna do the next time one of them gets backed into a corner? Thanks for listening everybody, and thank you in particular to Leon for chatting with me for this episode. I appreciate your time and your insight, and I hope all is well. If you like hacked, patreon.com/hackedpodcast. Best way to support the show. Thank you to our new patrons since the last episode, Sylvester, Mark Walsh. Welcome, crew. That's patreon.com/hackedpodcast. Thank you for listening. That is another episode of Hacked in the Bucket. Catch you again soon.

Speaker 9: This episode is brought to you by Nespresso. Being the best version of yourself is an everyday journey, and it begins in the morning by taking a moment to ground yourself. With the new Nespresso Vertuo Up coffee machine, morning routines become rituals. Just one gentle press. And coffee brews, unfolding into whatever you need today. Bold or delicate, iced or hot, familiar or new. Press to explore. Every coffee, a new world. New virtual up. Shop now at nespresso.com.

Speaker 8: Some days you want a little extra oomph to your usual look. Whether that's lashes for days with the viral liquid lash extensions mascara or awakening your eyes with a lasting lift and soft color with the brilliant eye brightener, Thrive Cosmetics is your go to when you want to amplify your everyday look. Whether you want a simple, just got to get out of the door routine or full glam, You'll always look and feel like the best version of yourself with Thrive Causemetics. Plus, every product is 100% vegan, cruelty free, and made with clean skin loving ingredients that work with your skin, not against it. And for every product purchased, Thrive Cosmetics donates to help communities thrive. So every time you use your favorite Thrive Cosmetics product, you're helping communities you care about too. Amplify your everyday. Go to thrivecosmetics.com/shine26 for an exclusive offer of 20% off your first order. That's thrive cosmetics, c a u s e m e t I c s dot com slash shine twenty six.

Speaker 10: Shipping, billing, admin, payroll, marketing. You're managing all the things, so why waste time sending important documents the old fashioned way? Mail and ship when you want, how you want with stamps.com. Print postage on demand twenty four seven and schedule pickups from your office or home. Save up to 90% with automated rate shopping. That's why over 1,000,000 small businesses trust stamps.com. Go to stamps.com and use code podcast to try stampsstamps.com risk free for sixty days.