Wizard Spider

Speaker 1: The number one thing to understand about the people who run these campaigns is they do not think of themselves as crooks. There's a small part of their brain that must know it, but that is overwhelmed by the bit of their brain that cast this as a business.

Speaker 2: Jeff White is an investigative journalist, and he's looking into this guy who goes by the online handle Stern. Stern was, according to the accusations against him, the leader of one of the biggest organized ransomware gangs on Earth, a group called Conti. Heard that name before. You've heard that name before. I heard

Speaker 1: that name

Speaker 3: before. Somewhere before, Jordan.

Speaker 2: It's on some cybersecurity show. Conti was a Russian speaking ransomware operation. They came out of an older Russian crew. By 2021, at their peak, they're pulling in something like 180,000,000 US dollars every year. They ran like a network. Affiliates around the world broke into companies, stole copies of the data, deployed Conti's malware to encrypt the originals, and then the demand, often millions, typically in crypto, for the decryption key. Pay, and the stolen data stayed offline. Don't pay and it didn't.

Speaker 3: That group's name was wizard spider.

Speaker 2: Shattered eagledome.

Speaker 3: No. It actually was wizard spider.

Speaker 2: Was it really? It was Yeah. Yeah. I thought that was I know they had many names. All of these groups do. That's funny. What wasn't funny, their victims, hospitals, schools, governments, Ireland's National Health Service, the government of Costa Rica. We talked about that one here on Hacked. Hundreds. And Conti was famously corporate. Most ransomware crews pay their affiliates a cut. Conti paid their salary, payroll on the first and fifteenth of the month. Performance reviews, an HR department, and employee of the month.

Speaker 3: That's what I'm saying. You know? Malware is a service, malware is an enterprise.

Speaker 2: And in this LinkedIn post, I'll explain how to synergize them all. Stern, allegedly, was the boss. Now part of the trick of being the boss of an international cybercrime syndicate as I understand it, don't appear in a lot of photos.

Speaker 3: Checks out.

Speaker 2: You've heard the old adage, no press is bad press. Broadly speaking, untrue for the heads of cybercrime gangs. You're gonna wanna keep a low profile, Scott. And at the time that Jeff was looking into him, there was basically, like, one known photo of Stern. It's the photo in his Interpol notice. Until, as part of his reporting, Jeff gets this message.

Speaker 1: Someone on Telegram put us onto a social media account for someone who is very popular on social media. They're an influencer on social media.

Speaker 2: It turns out, Stern, this rarely photographed kind of unassuming alleged head of a vast cybercrime network, is friends with an influencer. Of course.

Speaker 3: I was about to say it. Are they themselves an influencer? Because that would be extra funny.

Speaker 2: They were not, but she was. And this woman has a pretty significant, like, social media following.

Speaker 1: And so it was all these videos, like, thousands and thousands of video and with millions of viewers, some of these videos. And I thought, well, surely, you know, the world's most wanted hacker, you know, the Internet's gangster number one, according to the accusations against him, he's not gonna appear in these videos. Oh, no. He's there. He's waving at the camera and, you know, bopping around to music, seen on holiday, you know, driving around in the car with this with this other individual. Absolutely amazing.

Speaker 2: Jeff White has spent, like, a considerable amount of time researching Conti as part of a new upcoming series for his show Cyber Hack for the BBC. It's the third season. First two were definitely worth a listen. I rarely get to spend months combing through leaked communications between cybercrime operators, unraveling the tangled corporate bureaucracy of some of the world's most prolific digital criminal operations. But he did. So naturally, I had some questions. Jeff White, author and investigative journalist, was kind enough to chat with me about Conti, about translating Russian hacker slang, about the history of this group, and the future of this kind of crime on this episode. Without further ado. Without further ado. Of Hacked. Jeff White, thank you so much for joining me.

Speaker 1: Thanks for having me.

Speaker 2: I'm a big fan of your work. There are a lot of things to pull a reporter to this story. What pulled you to reporting on Conti?

Speaker 1: Well, I was looking for a way into the ransomware story, and and the BBC World Service and the BBC who make the podcast, the Cyber Hack podcast, were also very interested in that. Obviously, in The UK, we've had some very, very significant ransomware attacks over the last year or so. There was a point where the ransomware attacks actually had an impact on UK's GDP. You know, our our national bottom line was affected, by ransomware attacks. I heard a stat the other day that the government reckons cyberattacks in UK cost us something like £15,000,000,000 a year. You know, it's it's about a half a percent of our GDP goes on cyberattacks now. It's absolutely astonishing. So we wanted to weigh into this, but we also wanted, as we always do with these podcasts, you know, some colorful characters, some thrilling stories. And the most important thing was that to tell a story for me anyway, you need three things. You need a a victim, you need a villain, and you need a hero. You know, it's pretty basic stuff. Often, you getting the heroes is actually not not not usually too difficult. You know, the police, you know, talk about how you know, the great things to do. That's great. Getting victims has always been quite difficult, but has got a little easier over the years. You know, the people wanted to speak out about what's happened has got has got easier. Getting the villains is is pretty hard as you can imagine. You get stories of cyber criminals who've been in prison and come out, you know, people have gone straight, you know, having broken the law. But what we had in the Conti gang, which is remarkable, is actual contemporaneous conversations that they were having at the time they were doing the hacking, which was subsequently leaked. And so you can hear them talking about the stuff they were doing as they were doing it. And so we've got instances where we sort of line up, you know, what the victim was experiencing and then we line up what Conti was saying about in the background. Absolutely astonishing.

Speaker 2: Yeah. Oh, there's so much to unpack there. Victim, villain, hero, and this debate inside of Conti, not as to whether or not they wanna be the villain or the hero. I don't know if it ever quite gets up to that point, but about what kind of villain we are maybe.

Speaker 1: Yep. Absolutely. And, actually, that's a really astute observation because Conti I have this theory that if you're going to do, you know, advanced cybercrime, you're you're bright. You're a smart person. And you've got to wake up every day, and particularly with ransomware, it's quite hard to escape what you're doing. You are basically blackmailing people, threatening people, intimidating people. I don't think as an intelligent person, that's really what you wanna wake up and do every day, but that's your job. So you have to have some psychological framing that allows you to do it. And the way that gangs like Conti and other ransomware gangs do this is they reframe it as a business. You know, we're a business. We have we just have this software, this encryption software that turns out to be really good. And, well, you know, I guess you've been caught by it, and now you have to pay us some money. You know? They they they've described themselves, some of these gangs to me in in chats, as postpaid penetration testers. So you would normally hire penetration testers to do a test. Well well, they've done the test. You just didn't hire them. Well, now you owe them some money because you got the results there. This is the framing that they have. Now what's interesting about that is the way that breaks down within the actual gang, within Conti, is sometimes you have people who who who, you know, really draw red lines around what they're going to do. They they say, we don't attack hospitals, and and we have to negotiate, you know, with the victims. We have to give them a a fair chance, and we have to really be professional. We need to be professional here. And you've got the other extreme, people who say, I'm a computer hacker. I'm gonna do what I like. I'll attack a hospital, and I'll, you know, drag them through the dirt if I have to to get the money. So you get this range of people within this gang from the very, very hardcore criminals to the kind of people who say, no. No. We're a business. It's fascinating. Really fascinating.

Speaker 2: That's so interesting. It is a little

Speaker 1: bit like

Speaker 2: likening the classic trope of, like, the mobster threatening someone. It sure would be terrible if your business burned down as being like, well, that's pre fire insurance. It seems a little, I don't wanna say disingenuous, but I have a hard time wrapping my head around that one.

Speaker 1: Yeah. I mean, they they you know, I think this is one of the big revelations for me is is you'll have had this, you know, Jordan, that that people describe Cybercrime as a business. You know, it's a it's a nine to five business. I've heard that so many times. But when you get up close and personal with the Conti gang and you read through their messages, it suddenly dawns on you quite how much of a business this is. It is they have they have payroll. They have sick pay. They have holidays. They have a bonus scheme for operatives. I mean and what was interesting was they've got two problems at Conti gang. One is recruitment. They've got to get people through the door. They've got to hire people. And, of course, they can't be really honest about what they're doing, So they have to subtly suggest to people what they might be doing. And they also have to, when people realize that this is gonna be a criminal enterprise, they have to reassure people that they're hiring and say, no. No. No. We you know? Yeah. We're a cyber comm gang, but, you know, you can trust us. We're gonna pay you. It's gonna be professional. We'll teach you. We'll train you. I've seen them talking about, you know, we we take good guys and we hire you know, we bring them up. The second thing they've got, obviously, the the ransomware gang is when they go to the victim, they've gotta convince the victim that even though the gang has done something awful to them, you know, they scrambled all their data, they've stolen all their data. It's okay because if you pay the ransom, you can trust me. I'm gonna decrypt the data. And that's where the professionalism comes in again. It's it's, you know, you give us some ransom. We have got the decryption key here ready to go. You know, we'll send it to you, and we will make sure your files are decrypted. Some of them even offer a a sort of report about how they got in so that you can secure your weaknesses. It's that level of professionalism is is core to what these gangs do and how they are.

Speaker 2: That's so fascinating. We've been talking about these gangs for a while, and the corporatization of them is maybe the most interesting thing. Like, you you brought up, they have HR departments. They have monthly payroll. They have salaried programmers and employees. You learned so much about how this group works based on this moment, and I'm wondering if you can kinda take us back to it. It was like I think it was 2022. Russia's just invaded Ukraine. Conti's kind of come out publicly in support of that. And within days, an insider there dumps this corpus of text. Take me through that moment and what you learned.

Speaker 1: Yeah. Yeah. So it's worth noting Conti at this point were riding high. The end of twenty twenty one, they were making loads of money. The FBI estimate for Conti's take in 2021 was a $158,000,000. That is a vast underestimate. That's just the ones they knew about and the sums they've added up. And so you see in the chats this brilliant moment at the end of twenty twenty one where they're just they they're gonna take a month off. They're gonna have a party over Christmas. And they've there's there's a comment in the chats which is really interesting, which is, you know, 2022 will it's gonna be as good as 2021, even better. We're gonna push this. And then, of course, as you said, the war happens. Now who leaked these messages? We presume it's an insider from Conti. It's certainly somebody who had access to Conti's messages. But from the researchers that I've spoken to and from whom I've heard, a lot of researchers were sniffing around Conti. A lot of the cyber security companies were trying to access and penetrate this gang as well as law enforcement in The US and The UK and and so on. It's feasible that it was law enforcement that leaked them. It's feasible that it was somebody some intelligence agency. It is also entirely feasible it was a member of the gang because, as you say, Conti declared support for what Vladimir Putin called his special operation. That was not the uniform view of the gang. There were people in the gang who were based in Ukraine who freaked out when the invasion happened. And so it's possible this was an act of revenge by one of the Ukrainian members of Conti. What we got as a result of that was actually two leaks. Firstly, the Conti leaks, and then secondly, a thing called the TrickLeaks. You start to get into the weeds of these gangs here, but but before Conte, there was a gang called Trickbot, which seems to have been servicing members of Conte and then effectively seems to have morphed into Conte. I had to explain to the BBC that these these gangs don't have corporate registration documents where we can go and look up, you know, when they were created and who their directors were.

Speaker 2: Sure. It was not a a formal acqui hire where we can trace the owner. Yeah. I got you.

Speaker 1: Yep. No company's house for ransomware, unfortunately. So it's it's kinda murky. But so what happened was that the Conti Leaks came out, and I was aware of them. I'm sure you were. Lots of people in the industry were. You know, this huge leak of data. The Conti Leaks is about 75,000 messages or so. And then we have the Trick Leaks, which comes out, which is another 200,000 messages. It was fast. This is every message that the members of the gang type to each other every second of every day for about two years. It's just astonishing. I've I've been trying to quantify this and work it out, but I really think it must be one of the biggest data dumps of criminal activity that that's ever been released. You know, when you put a gang under surveillance with a wire, you might get a few hundred hours of of tape, but this is two years. This is set 300,000 messages. But there were problems obviously with, interpreting those messages, which I'm sure we'll go into. But it's an amazing, amazing, amazing resource and one that I really wanted to have in our podcast so we could hear these guys, literally hear them in their own words.

Speaker 2: It's such an amazing, like, body of information for a reporting project like yours, but I wanna I wanna talk about what you just brought up. So it's like, what did what did we learn about this group from this leak, and then what were the challenges in interpreting this information? Because it's it's not a nice clean, you know, little zip folder of easily parsable stuff.

Speaker 1: Unfortunately, it's not. No. I mean, look, we learned a huge amount as I've talked about about how the gang operated, about their sort of bonuses and incentive schemes, the holiday pay, and so on, how they recruited, how they retained staff, what their pay rates were. We also learned some really interesting things about how the gang proceeded as they went along. So, one of their members gets arrested, a woman called Ala Witt, who was fascinating. She she's Latvian originally, and she's 55 years old, I think, when all this happens. So she's older than a woman, which is very unusual demographic for cybercrime. She gets arrested. There's a whole tale which we tell in the podcast about how that happens. So we can see that that arrest happened, and we knew about the Alawitt case. What's fascinating from the leaks is you can see when that happens, the Conti gang for start took ages to find out about it. They didn't realize that this person had been arrested. And then when they did, they didn't realize that she was a 50 year old woman, 55 year old woman. That came as a huge shock to them. And then they suddenly realized that she's in The US, and she's potentially gonna give The US authorities access to the data that she's got in the or they might somehow force her to give access or gain access. Yeah. That's bad. So the gang suddenly realized they've got to spring Ala from prison somehow. They've gotta get a lawyer to defend her. But then there's this thing of, well, yeah, we have a lawyer, but how do we pay the lawyer? Because we're we're Conti. We can't really send a check. So they try and work out how they can use money that they were gonna get from a US victim of ransomware and somehow channel that money through to the lawyer to to in The US. Absolutely amazing. And because all this is unfolding as, you know, as Allah's being, being arrested. But the other thing that was interesting, you you mentioned how how the the data is presented. There were a number of challenges with this. In addition to the fact it's a huge data dump, the gang were using a thing called Jabber, which would be probably familiar to you. It's it was a sort of dark web chat service. And in the Jabber software, it would have been done in chat rooms. So person a talked to person b in one room, person c talked to person d in another room. When the data gets released, it's all in time order. So you're scrolling down and it it's like somebody's taken your WhatsApp and just listed all the messages in order. You know, you you so you start following a conversation along, and you're trying to get the hang of what they're talking about. You start following oh, okay. And then suddenly two completely different people or more start timing in and talking about something completely different. So you've got to remember the conversation you're following along. Now follow a new conversation. When the old conversation comes back, pick up from where you left off. It it it is it is the single hardest thing I've I've done as an investigative journalist in the ten years or so I've been doing this. It is it was mind blowing. I'm 45,000 messages in, and I'm still going. It's, it's difficult.

Speaker 2: Just practically, and I wanna stay on Conti, but are are you do you have a team of people working with you, or are you just locked in with these documents by yourself?

Speaker 1: We have a team of people. The BBC has a we've got a fantastic team, actually, people working on this podcast, and they're doing great stuff. But with this, it's just me. And the reason for that is it would only really work with one person going through it. I suppose you could farm out bits of it. But because it's such an amorphous set of data, you need to go through it and get the hang of it. Once you get the hang of it, you start to realize what you're dealing with and you start to get an eye for it, if I can put it like that. So for example, it's all in Cyrillic. The original chats were obviously in Russian, because the vast men majority of them was the gang of Russian. As the they've been translated through LLMs, but the LLMs struggle with Cyrillic characters. So the classic example is they keep talking about the cue ball. You know, who's got the cue ball? And you think, is this snooker or pool? What you know, what's going on here? It turns out when you spell Bitcoin in in Cyrillic, it's Bitcoin, but the the n at the end looks like a v. And so the let LLM's translated as v, which would be bitkov, which in Russian is cue ball. And so whenever you hear about I'm talking about the cue balls, it's like, oh, that means Bitcoin. And then there's other things where they they they drop into slang. I mean, there's a huge amount of hacker slang going on here, of course. They they keep talking about the grandmas. You know, who's got the grandmas? And, again, you think, what why are they obsessed with their their grandparents? What's going on? And it turns out in Russian, obviously, grandma is babushka, and there's some word like babiao or something, which which means cash or money. So when they're saying, you know, who's gonna drop the grandmas? It's like, who's going to give us the money? So as you get the hang of these things, as you're going through, you just get this sense and this eye for what you're trying to translate. But there were some hilarious mistranslations of what, what what the Conti gang said. It's absolutely astonishing.

Speaker 2: Because of the nature of their business, extracting and in some cases, like, double like, holding on to people's information, there's this interesting Russian nesting doll of whose information is coming out. You've got their leaks coming out, their chats, their internal business process, but they've been stealing other people's information that presumably is being reflected inside of that larger thing. And some of the information they've stolen over the years, I wanna talk with you about is fascinating. There was the September 2021 story involving it was a London jeweler who had it was, I think, it was close to 70,000 client documents with some, let's call it large names inside of that that leak. Can you tell me a little bit about that, part of the story?

Speaker 1: This was a fascinating case. And in the podcast, we've been trying to reflect the different types of cases attributed to Compton. So attacks on local councils, health care, and Graff was a really interesting example because it's a, as you say, it's a jeweler. It's a commercial company. Graff is one of the world's biggest jewelers, and they sell jewels to incredibly wealthy people. We we actually interviewed a historian, a jewelry historian who who, you know, has written books about Graf. And, you know, it was a nice warm up question. I said to her, you know, can you tell me some of Graf's famous clients, you know. Because I've read in the news some people say, oh, I got this from Graf, this necklace or and she said, no. No. I cannot tell you a single name. And I said, oh, come on. You you know, ancient you know, people from the past, you know, celebrities of you know? So no. No. No. I will. And and this is this is key to the story as Graph is, like a lot of these companies, institutionally private and secret and discreet. You do not you know, when you go into Graph, you are you are taken in through the side door, your chauffeur exactly. You know, nobody knows that you've been there. So it would be awful, wouldn't it, for Graph's entire contacts database and customers to be leaked? But that's what Conti were threatening to do. They they basically broke into Graph, and they do two things. They scramble the data. The problem with that is if the victim's got backups, then the victim can refuse to pay the ransom and restore from backup. So Conte's solution to this, like a lot of ransomware gangs, was double dip ransomware. You steal the data, and if the victim refuses to pay, to have it unscrambled, you say, well, fine. But I'm gonna leak the data that I stole. So you've got a second incentive to pay. That's what they were running with Graph. They started leaking tidbits of the information to to put pressure on Graph because Graph were playing hardball refusing to pay. And and one of the things they leaked was customer data. There was a journalist at the Daily Mail, The UK newspaper who who found this. He's actually a freelancer. He found this, and he wrote a story for the Daily Mail because what he found was was details of Donald Trump and Obama and David Beckham and people like this. Not Obama. Sorry. Oprah Winfrey. Those I mean, missed out. The two o's in the names confused me there. Obama may be a customer of Graph. I don't know. But, you know, the famous things customers. And, this was this was a big problem actually for Conti because, obviously, they're, you know, they're doing this to put pressure on graph. But as soon as people found out that they were in this database, that had been leaked, they obviously started getting extremely angry. And it seems that someone in that list contacted Conti and said, you take that down or we will come and find you. I mean, the way it was explained to me was, if you offend the FBI or the UK National Crime Agency, they might indict you, put you in prison. You offend some of the people at that level in society, they are just going to kill you. And what we got afterwards was an apology specifically to the Saudi royal family. So presumption from some is that the Saudi royal family contacted Conti and said, take that stuff down. Because Conti apologized to the Saudi Royal family and said, so sorry. We we we leaked this information. And, you know, apologies for any inconvenience caused. We will, of course, delete this. Now what's interesting because of the leaks, and this is one of the great things about being able to see the leaks happening at the time the story was happening is we know Conti did no such thing. They did not delete the data. In fact, there's a quote from the leaks which some researchers at company called CyJAX found for us, which says, we can shake and shake with the sheikhs. As in, we have the sheikhs data from Saudi Arabia and we can, you know, we we can potentially blackmail them again. So just as you I don't trust a thief. Who who would have knew?

Speaker 2: That is fascinating. In a relatively sinister story, that's one of the more sinister moments.

Speaker 1: It is. But what's what's interesting is, again, when people said, oh, well, you know, Conte would have been intimidated or threatened, you know, to make this happen, I did have some skepticism then. I thought, well, really? I mean, that it's quite nasty guys. And who's gonna put the squeeze on them? But in the leaks, they they actually say that. They say, you know, this is they talk about some of the celebrities, and they say, yeah. But there were these are heavy guys in there. We we, you know, we have to sort this out. We can't, you know, we've gotta make nice here and and then apologize. So, actually, it is true that within the Conti gang, from what the leaks suggest, that they were worried. They were they were scared once they realized who was onto them and what stuff they leaked. I thought that was really fascinating.

Speaker 2: To go back to victim villain hero, this character I wanna talk to you about last year, German police, publicly named, a character named Stern, 36 year old Russian, named Vitali Kovalev. I'm sure I'm pronouncing that adjacent to correctly. Now under Interpol now under Interpol red notice, and you ended up with a video of the man himself. Take me through this character and and what you saw.

Speaker 1: Yes. Well, Stern, as you say, the the German authorities named the the head of the Conti gang, who we knew went under the alias Stern, as Vitalikovlev, this Russian national. Should be said, well, we haven't heard from Vitalikovlev. We don't know what his response to all of this is, but the accusations against him are piling up. And according to US authorities, he's got a very, very long history. He first seems to pop up in the kind of twenty tens as far back as that, being accused of doing money laundering for cybercrime gangs. A really big gang called Zeus, actually, who used a virus called Zeus. Kovalev's accused of operating back then as a as a money launderer for that group, but then seems to have moved into other viruses and apparently into ransomware. Ran this gang and in in the chats, you see Stern pop up. And he's an interesting character because he's quite tackater and he doesn't say much. And there's also this interesting thing where there's a number two in the gang called Mango, who is basically the office manager. I don't know about you, Jordan. There's always when I've worked in offices, there's always been a person in the office who actually makes the place run, and everybody knows that. But nobody really fully acknowledges it because nobody because then then, you know, that person would know and they'd offer pay wise. Mango's like the diver who holds it all together. And as the as the Conti gang go on, Mango's just getting more and more frustrated with Stern, because Stern's got the money. And Mango keeps so everybody has to make Stern happy. But Stern is also incredibly distracted. Just always his mind is always somewhere else. He's always doing something else. So Mango is constantly frustratedly going back and saying, look, we've gotta get this project sorted. I'm working really hard here. Why, you know, why are you such a soft touch? Why do you keep paying people when they're not doing the work? You know, we have to, you know, really crack down on this. So Stern's this interesting character. I describe him as a bit like the sort of the guy in the office, the kind of David Brent character, the the chap who runs, you know, who's effectively been promoted above his station doesn't really want to be there. He's risen

Speaker 2: to the level of his incompetence, I think, is the thing that people say. Yeah. Yeah.

Speaker 1: Yeah. The Peter principle, I think they call it. But, yes. But yeah. So so so as I say, you know, we got this name, Vitaly Kovalev. We await his comments, and we welcome any comment from him if he if he wishes to address the accusations against him. But someone on Telegram put us onto a social media account for someone who's very popular on social media. They're an influencer on social media, and they're very close to Vitalik Khovlev. And so there's all these videos, like thousands and thousands of video and with millions of viewers, some of these videos. And I thought, well, surely, you know, the world's most wanted hacker, you know, the Internet's gangster number one, according to the accusations against him, he's not gonna appear in these videos. Oh, no. He's there. He's waving at the camera and, you know, bopping around to music, seeing on holiday, you know, driving around in the car with this with this other individual. Absolutely amazing. And it's just it was very satisfying to find that because we've got one mugshot of this guy. And to find a sort of interior life for them was really interesting. What was disconcerting was we have this image, don't we, of cyber criminals with the hoodie, you know, and tattoos and, you know, rings on the fingers. He looks he just looks he's got this very benign face. And, yes, he he is apparently behind all these crimes according to the accusations. But if if you I have this thing that if your car broke down and you needed someone to help you push it, you'd look at him and think, oh, he he would probably do that. He's got this bearing that's just really interesting. And so I thought, had Will Trump reconciling that with the accusations against him.

Speaker 2: Sure. The Office David Brent type character versus the, the body of work, call it, that you're looking at.

Speaker 1: Exactly. Precisely. Yeah. It's interesting.

Speaker 2: That's so interesting. I wanna go back to you brought up Mango and the kind of, like, intra Office, call it idea guy versus executor type Yes. Yeah. Dynamic that they have. It sounded like there were from my reading about it, there were other tensions that emerged too. And I I find that so interesting to go back to the moral, the really narrow little moral path that you're trying to walk of what will we and won't we do in this fundamentally, you know, pretty tricky business model. Some of the leaks captured an ethical argument between the operators about, say, things like hitting health care. And I know Mango comes up in those debates a lot. Yeah. Tell me about that. I wanna zoom back in on that kind of prickly moment post COVID where do we target health care in this moment of all moments?

Speaker 1: Yeah. It was it's a really interesting running debate within Conti, and it it was not a homogeneous gang. And one of the key drivers for that and the reason that Conti was was fractured from within was because of a business decision that Conti made that, again, a lot of other ransomware gangs made to adopt an affiliate model. Your main problem with ransomware was spreading it. Writing ransomware is is hard. It's a coding challenge. But once you've written it, you've got to infect some victims. Sure. If you are a coder, I think I have this idea that hackers are just one thing. You know, you're a hacker. You just hack. So, well, I can invent encryption software, but but spreading it and writing phishing emails and and then negotiating with victims to pay ransom, these are separate skills. You might get some per people who have all of them, but more likely they're gonna be separate people. So the people who write the ransomware are not necessarily the ones who are good at spreading it. So Conti developed as other gangs have and used an affiliate model. People could sign up to the Conti gang, get a copy of the ransomware, and then distribute it. And when the ransom was paid, usually 80% would go to the affiliate and 20 to the virus writer, to the Conti gang, which immediately also gives you a a very hard metric about who has power in that situation. You know, without the affiliates, the gang would be nothing. Conti would be nothing. And also, there was competition for affiliates. The affiliates could work for multiple different gangs. So it's a bit like these taxi apps. You know, each taxi driver could have five or six apps. So the app provider has to lure the taxi drivers in. Conti did the same. They offered their affiliates good rates. They offered, again, to support them, to bring them up, to bring them into this gang. Join us with the biggest in the world right now. That's that's what got said at one point. The problem with the affiliates was you get scale, but you lose control. You know, as any organization that scales very quickly knows it's difficult to keep control. And an affiliate model is particularly hard to control. And so you got members of the gang who went rogue, went freelance, started attacking targets Conti didn't even know about. Some of the targets got attacked. Stern claimed he didn't know about. He didn't know that that was going to be attacked because that's not his job. He's not choosing the targets. That's the affiliate's job. So you've got this interesting push pull between the affiliates and the core gang, and health care was absolutely at the heart of that. Some members of the gang were absolutely clear. We do not attack health care. Other members of the gang, particularly, an individual called Target, who's incredibly aggressive, deliberately target hospitals. Apparently, several 100 hospitals were were on Target's list and did not care and absolutely rejoiced, it seems, in in in attacking hospitals because they paid up because it and then you get this gray area in the middle where gang members hit a target that doesn't look like a hospital, but then one of the other gang members says, yes. Yes. It's a hospital. And then this argument breaks out saying, no. No. It's a physiotherapy place. There's one brilliant moment where they hit, I think it is a physiotherapy center. And the person who hits it says it's not a hospital, it's physiotherapy. And the person controlling them, their their their handler within the gang says, this is health care. We said we wouldn't attack health care. And then the the affiliate says, but we've we think they're gonna pay something like 3,000,000 in ransom. And suddenly the conversation changes and the handler says, oh, okay. Well, alright. Well, we will keep going with this. But don't don't do it in future. No hospitals in future. So there's this really interesting debate around what is health care when you don't attack health care. And when somebody put some money on the table in front of you, your psychology around that can change pretty quick.

Speaker 2: Wow. Inside of Conti, do you think that that's a moral thing or an optics thing? Like, I know in Ireland, the HSE attack health service executive, they're kind of publicly funded health care, apparatus call it, was attacked, and it was 20,000,000. Like, it was way bigger than even that. Like, is that a is that a moral thing? Is that an like, oh, we're just gonna get even more heat if we go after these. What do you attribute that to?

Speaker 1: It it's it's a real mix. I don't doubt there were people in Conti who had ethical concerns about hitting hospitals. There was discussion in the Conti chats about people's relatives dying of COVID, so they knew this was a global pandemic. There are some people in Conti who have concerns about hitting health care, as you say, because it will put a target on your back. You do not want to be, during the middle of pandemic, tanking hospitals. There are also people who are prosaically thinking, well, hospitals don't generally pay outside of The US. The HSE example is is a perfect example. Ireland's health service executive runs basically the country's hospitals immediately when they were attacked said, we're not paying. Don't even think about it. We're just not gonna pay. Ireland's HSE was given the decryption key at a certain point, and then it's very probable that's a factor in it. The gang knew they weren't gonna get, any money out of them. So there's an interesting sort of mix of motivations in there when they talk about we're not gonna hit health care from the sort of ethical through to the very, very prosaic, through to the kind of very money motivated. If I had to put money on it, this gang are so money motivated. They are so acquisitive. If if you're always in doubt about why can't he do something, look at the money, and that will be a few answer.

Speaker 2: Follow the money. If we follow the money from the twenty twenty two hacks that you spent a lot of time digging into, there were there have been more, recent leaks, maybe not at the same scale, I believe in 2025. In terms of where this goes from when you start reporting to closer to where we are now, what's sort of the long arc of this group?

Speaker 1: It it's it's interesting. So in terms of the Conti gang specifically, after leaks in 2022, this was an absolute disaster for the Conti gang. They were already wobbly. There There was already these issues internally as we've talked about, tensions over targeting, tensions between the top leadership team, then tensions over the war, then the leaks. Conti did one sort of final sort of swan song hit, certainly under the Conte name, which was Costa Rica. They attacked the government of Costa Rica. And for a period of several weeks, kind of took Costa Rica's government down. I mean, it's it's rolling pandemonium in in in Costa Rica. And, again, your listeners might be, you know, reaching for Google Earth and thinking, well, where the hell is Costa Rica? And certainly people in in in Europe, it's quite far away from us, would would and it's a tiny country, and why should we sort of care? Well, the problem with that is Costa Rica starts to look like a bit of a test case. You know? If we wanted to take a government down using encryption software, how would we do that? Well, let's have a go at Costa Rica. You know? A small country that a lot of people don't know about. Let's try it there. That's one of the theories as to why Costa Rica got attacked. Other theories are that it was a rogue member of Conti who wanted to show that the gang was still a force of nature. The problem is the con the the leaks obviously run out at that point because once the leaks are leaked, you know, that's it. They kind of all disperse. So we don't know the story of Costa Rica. We all we know is that was their sort of final hit. As to what happens next to the gang members, again, a little difficult to work out. I mean, obviously, the person's accused of running this, stern Vitali Kovalev, we have some insight as to where that individual is now. And satisfyingly, we've got some videos. Believe still in the Russian Federation, that would be very hard given the Interpol red notice against, Vitali Kovalev for him to travel outside Russia without, you know, facing justice. Other members of the gang, because they operated under pseudonyms in some cases, you know, Mango's case, we've got a name and a face for who the German police say he is, you know, and Interpol say he is. It's very possible that if Mango is this person, he just set up under a fresh pseudonym in a fresh gang. You know, they were all working under pseudonyms. So some of them will have got their fingers burned, decided to leave ransomware. Some of them will have joined new ransomware groups. There's also an interesting inf, infrastructure around Dubai. In the messages, we know that Conti started relocating to Dubai. And there's some hilarious chats where the some of the hackers are jealous of their colleagues who go to Dubai because, obviously, if you're in Russia, it's Russia, it's really cold. And they're like, oh, you're going to Dubai. I wish I was in the office in Dubai. So we know there's a Dubai Nexus. Given the amount of cryptocurrency that Conti accumulated during the course of this, my assumption is that efforts in Dubai and elsewhere to somehow get into crypto in a big way and have some outlet for crypto where they can turn that stash of dodgy crypto into fiat money and eventually yachts and houses and Ferraris and Lamborghinis. That's, I think, where the running would be from the senior Conti guys. The UK National Crime Agency and I think probably the FBI as well would say, look, a lot of these guys are just gonna pitch up in different gangs. We're gonna see them rotate around, maybe set their own thing up, maybe become an affiliate somewhere else. Who knows?

Speaker 2: Starting something new isn't just hard. It can be downright terrifying. You put a lot of work into a thing. You're not entirely sure it's gonna work out. You're taking a huge leap of faith. I've started a few things. Now I know I was right for believing in, you know, the idea, the product, despite all of those fears and hesitations. But boy, does it sure help when you have a partner like Shopify on your side. Shopify is the commerce platform behind millions of businesses around the world and 10 of all e commerce in The US. From household names like, well, hacked podcasts merch, to brands just getting started, you can get started with your own design studio with hundreds of ready to use templates. Shopify helps you build a beautiful online store that matches your brand style. Did I mention that that iconic purple shop pay button that's used by millions of businesses around the world? I don't know why I wouldn't. I should. It's why Shopify has the best converting checkout on the planet. It also helps boost conversions, meaning less carts, sort of getting abandoned in the parking lot, and more sales for you. It's time to turn those what ifs into sign up for your $1 per month trial at shopify.com/hacked. Go to shopify.com/hacked. One more time, that's shopify.com/hacked. Scott, what do you like about Shopify?

Speaker 3: Well, there's lots of things to like about Shopify, Jordan. The first thing I like about it is it's easy to use. It's totally web based, has great apps for the phone, integrates with all of the systems, distributions, production partners that we use. It's amazing. It does everything you need. And not only that, now as a consumer as a mass consumer of online buying, it seems like every single website that I go to is Shopify because it automatically logs me in with my shop account. It knows all my information. It does everything for me. So I love it both as a retailer and as a shopper. It is Mhmm. It is like a unified sales platform for the Internet. And if you wanna sell things on the Internet, I honestly don't know if there's another platform that I would use because it's just it's everywhere, and that makes it better.

Speaker 2: If you wanna upgrade your business and get the same checkout that we use, use Shopify. Sign up for your $1 per month trial period at shopify.com/hacked. That's all lowercase. Again, go to shopify.com/hacked to to upgrade your selling today. Scott, one more time for the people.

Speaker 3: Shopify.com/hacked.

Speaker 4: No one goes to Hank's for his spreadsheets. They go for a darn good pizza. Lately though, the shop's been quiet, so Hank decides to bring back the $1 slice. He asks Copilot in Microsoft Excel to look at his sales and costs and help him see if he can afford it. Copilot shows Hank where the money's going and which little extras make the dollar slice work. Now Hanks has a line out the door. Hank makes the pizza. CoPilot handles the spreadsheets. Learn more at m365copilot.com/work.

Speaker 2: Since you brought up governments both in the context of Costa Rica and, Dubai, there's you mentioned this earlier, the office for government topics. Is this concept coming up in the chats? Operator is describing Stern as having connections to FSB, Federal Security Service of the Russian Federation.

Speaker 1: I see. Yeah.

Speaker 2: Yeah. Can you take me through the connection between this group of people and states around the world.

Speaker 1: Yes. It there's a sort of a bit of a pat assumption, which I find slightly frustrating that, oh, these gangs, they're all working for the Russian government.

Speaker 2: K.

Speaker 1: It's not that simple, and and I need to push back on that. I I don't think that's the case. For a start, the one thing that comes across loud and clear from the ransomware gang leaks that I've looked through is money. It's all about money. It is a business, and the bottom line is about everything. Yes. The government might pay them some money. A government somewhere might pay them some money, but it's gonna be nowhere near the millions they're gonna get from a victim. The other thing is if a government comes in, and sometimes this has been reported, sometimes, the government would come in and task one of the ransomware gangs and say, well, you've broken into this target. Could you please now hand us over that access? Well, the ransomware gang thinks, well, okay. We might collaborate with you, but now we're not gonna make money out of that that victim. Max Smeets, a guy called Max Smeets wrote a book called Ransom War, which is all about ransomware. And one of the things he covers in that book is what the ransomware gangs called pioneering exercises, which is where, you know, a Russian gang would get tasked by the Russian government to go and hack some Russian target of interest to the Russian government. They did it because if you're in Russia and the government asks you to do something, it's in your best interest to do that. But they didn't like it because it meant they got no money out of that victim anymore. So for the the way I see it and the way it came across to me, and others may have better information, I don't know, was it was a sort of grudging, tolerant relationship of, you know, the fact that you you you you don't hack Russians for start if you're in Russia. And that's for good reason. It's it's illegal to hack Russians in Russia. As far as I'm aware, and I was told this, the Russian law does not prevent you hacking non Russians. That's not illegal. So immediately, don't hack your own people. If the government comes knocking, you know, do the right thing, kind of, you know. And, actually, there are reflections of that in Western cybersecurity companies, you know, who want to work with government and who, you know, they understand, you know, that it's it's it's it's obviously not the same thing, but you can see, you know, the commonality there of of approach. However, in the Conti leaks, there's also, suggestion that FSB members were embedded somehow within Conti. There's gossip among the members of that. That was actually reported in, I think, a Wired article. And some of the gang members say, well, yes. Of course. You know, they would have been in here. Others were surprised at that. So it it's just not as simple as the Russian government runs this ransomware gang. That's not it's not that simple. Inevitably, they will link. There will be links. But But as I say, there will be links from governments into lots of things within their country. So that's how I put it. It's I I know some listeners will think, oh, so you're being a bit woolly and a bit mealy mouthed there, but but you've gotta call it how you see it, and that's what I see.

Speaker 2: Mhmm. It doesn't strike me as, you know, evasive at all to just say, like, their primary motivation is money. Think of them like a business. They're trying to get a rate of return. They're trying to pull a profit here. But if they're operating out of a place with a government that can either like them and leave them to do their business or can have a pretty big negative impact, you're probably gonna play ball even if it's not profitable, even if you don't work for them, even if the simple story isn't the case. You You still probably wanna play friendly with the cops. Yeah.

Speaker 1: There was a slight change, I should say, after the Ukraine war started. We saw multiple ransomware gangs declaring again support for, for the Russian regime and sort of casting their attacks as patriotic attacks. So again, you know, you start to see alignment between ransomware gangs and governments. But again, there's a there's a money way of seeing that, which is that, oh, well, hey. We can attack these victims and extract the ransom for patriotic reasons. It's like, well, yeah. It's still about money, isn't it, at the end of the day? So but some of the ransomware gang were, you know, were casting this as being we're just gonna take Western companies down. So the Ukraine war did start to change things, and we did start to see criminal gangs moving into kind of patriotic activity. But my suspicion is at the back of it was still either money or a survival instinct to say, well, if we say that, the Russian government's gonna like us and we'll stick around longer. They're less likely to arrest us, etcetera. There's also a game that's played between ransomware gangs, I suspect, of if you want to take your competition down because ransomware gangs are in competition. If you can get friendly enough with the government, with law enforcement, you can tip them off to where that gang is, and they go and they take that gang down, which obviously for the government looks great and for the police, it looks great. And actually for the other ransomware gang is a win because your competitors went out of business. It's a very grubby world they work in.

Speaker 2: That's so fascinating. And you still make that patriotic money. You can feel good about that patriotic

Speaker 1: Yep. Yeah. It's a win win. Yeah.

Speaker 2: It's a win win. Work. Yeah.

Speaker 1: If it doesn't backfire and they end up waiting you, that's the this is the thing. There's all sorts of calculations going on when you're an organized crime, I think. Yeah.

Speaker 2: Yeah. That puts the the law enforcement who's potentially working with them in a very fascinating position of, like, who do we whose tip do we take and whose competition do we take out?

Speaker 1: Yeah. And, actually, I've heard interviews not about cybercrime, but with people investigating, for example, you know, organized crime or terrorism cases. There's one example particularly in Ireland where one of the officers said, look, you know, when you work in these shadowy worlds, you take information and tips from people who are crooks, who are wrong ones, who are terrorists. It helps you because you can then shut parts of an operation down, but you're always aware that your your strings are potentially being pulled by that person. So, yeah, it's it's difficult for not for all law enforcement, for law enforcement who work in that those shadowy type areas. There is a challenge. I think there's a challenge there.

Speaker 2: I wanna go back to your victim villain hero. We've talked about a few of the I guess they would fit into the second category here type characters there. Are there any that we haven't talked about? We've talked about Stern. We've talked about Mango. We've talked about their moral disagreements and the inter office politics. Are there any other big characters inside the gang that you you you wanna point at?

Speaker 1: We there's a whole of characters. And, actually, one of the difficult things in the in the podcast was working out which ones to sort of follow. Sure. In my mind, it's it was we've always ever only ever going to concentrate on three. And, obviously, you know, the leader, the office manager, the incredibly aggressive guy who just goes off on one all the time. And we we obviously need because of podcast, we wanted to voice up these chats. So we we got a a a group of actors to come in, you know, Russian accented actors to, to read out the the, the the chats. And they did they just did fantastically well. It brought it really to life. The only problem was I mean, these these chats are full of swear words. These guys are, you know, using the f word all the time. And it sounded great. They read out these words, particularly Target who's incredibly aggressive. Some of those were absolutely great. I then got told, I think it was the day after, by my BBC bosses that, we weren't allowed to have swearing in the, And and we couldn't even bleep it out because I think the I think American broadcast authorities don't allow bleeped out swear words even. So we sound, god, we just couldn't have told us that. We just voiced all these swear words. So there were all these other characters. So what what I did in the end was said, look, we'll have the main three characters. We'll have some Stern, Mango, and and Target, you know, developed as characters. But we'll have what I call the the Rosencrantz and Guildenstern, who are two characters from Shakespeare, who were sort of backstage characters. But, famously, the a play was written making them the main characters. Yeah. There's a whole set of also rands who have interesting stuff to say. So we just sort of voice them up in kind of generic things. So that they kinda come in and people come, they come in and out. Because it's funny that there's this sort of gossip by the lower level members about the higher members, and so you needed to have some of that gossip in there. But if you started trying to explain who all these people were, it just got out of hand. So we kind of went, okay. It's the main three. And then, you know, two two kind of bit players who just play the parts of, you know, of all the others. Like, you see in plays where somebody goes off and puts on a wig and comes back on. You know, it's it's that kind of thing.

Speaker 2: That's really good. And then the third category in this cast of characters, you spent a lot of time in this. Who who are the heroes of this story?

Speaker 1: The the people who try and fend these attacks off, which is an absolutely unforgiving task, which, again, Jordan, you'll know this very well. You know, it's it's the 3AM phone call, and that's deliberate because the gangs know exactly when to trigger their viruses. It's when the office is minimally staffed if staffed at all. Because speed is of the essence with ransomware. If somebody spots it and can unplug it and can disconnect, the system from the Internet, or disconnect computers from each other, you you can stop the ransomware. You get a partial infection, but you can clear it up. So they want, they want to infect as quickly as possible, but they want to have the maximum amount of time to infect as possible. And it's a bit like a thief breaking into a jewelry store. You know, you do it over a long weekend, like a, you know, holiday weekend. So they would, you know, often trigger the virus to to to to start at sort of 03:00 in the morning. Increasingly, companies know about that, so they have alerts set up. But in the first case, we investigated in the podcast, an attack on a local council in The UK. The individual had to drive into the data center and literally unplug, like, switch the power switches off the servers to try and stop this. So even the amount of time to get from home in the car to the office can feed into, you know, the the the impact of the attack. So the people who are trying to defend against this are are absolutely on the front end. And when these attacks happen, there's an acknowledgment, I think, of this is gonna be an awful week. You know, it's it's gonna be awful. But what comes across loud and clear in the podcast is it's not just a few days a week, it's months. And so if, you know, I said people are listening and they want kind of advice about this, yes, have a response plan, but also understand your response plan is potentially gonna have to spill out over weeks, months, etcetera. The people who haven't slept for three days at the beginning, they can't keep going. You need a bit you need a second team to come in and and reinforce them while they take a break, get some sleep. Things like food, you know, food and drink. You need water supplies. You you might need beds set up in the office. So have you thought about all this human level stuff, human scale stuff? So that's, I think, one of the learnings that kinda comes out in in the podcast. Understand, you know, the impact it's gonna have on particular small groups of people because because in your organization, you will have a small group of people who are gonna be in the real frame to defend against this.

Speaker 2: You've you've you've put the time into reporting on this story, the kind of deep investigative reporting that I think stories like this increasingly need. These are these kinds of stories are gonna become a bigger and bigger part of our world, and it was it's really cool to see the depth you've gone into here. What's the what's the one last big thing that you want people to take away from this series?

Speaker 1: It's it's it's that distinction between crooks and competitors. The number one thing to understand about the people who run these campaigns is they do not think of themselves as crooks. There's a small part of their brain that must know it, but that is overwhelmed by the bit of their brain that casts this as a business. You are not being attacked by an attacker who is a threat actor to you. You are being challenged by a competitor to your business. They have better software than you do. And the evidence of that is your data's been copied and exfiltrated, and your data's been scrambled in your organization. It happened because they have better software than you. Now people may struggle with that and say, well, these are crooks. Yes. Yes. They are. Our view of them is still valid. But if you really want to understand them, and I think an insight into how to challenge them, seeing them as they see themselves is useful. They do not see themselves as crooks. They see themselves as competitors. They're competing internally within the gang. They're competing with other gangs. They're competing with victims. They're not victims. They're competitors. And they're competing with the hero set, with law enforcement. So for example, massive cybersecurity company has some software. The Conti gang got hold of a copy of it, and and they reverse engineered it because they were that that piece of software was stopping them doing their jobs. So they got a copy of it, looked at it, went, okay. We can make our software get around this. You know, that they don't see victims, villains, heroes, these gangs. They see just a a state of nature, a jungle where there's just competitors. You know? There there's no neat categories in the jungle. There's just who wins and who loses, who lives and who dies. You don't make categories of of this. I don't know whether you you watch these nature programs, the David Attenborough nature programs. I always find it interesting which animal Attenborough casts as the victim and the villain. Do do you notice this? Like, an animal's getting chased. And sometimes he says, oh, this poor animal's getting chased. Will the animal get away? But other times, he says, oh, the animal doing the chasing is desperate to feed her children or his family or whatever. I find that really fascinating. But that's fundamentally what it's like in the jungle. Anybody could be a victim or a villain or indeed a hero. So I think understanding that you're you're not in a, you know, an attacker defender situation. You're in a competitive marketplace. That's maybe a different way of framing

Speaker 2: it. There's a there's a an adage about storytelling. I'm I'm sure you bumped into this. That is exactly that. That you open on a shot of a a bear walking through the woods. You don't want that bear to go hungry. But if you open on a shot of the rabbit or whatever that it goes after, you want that rabbit to get away. And everyone views themselves, I guess, in some sense as the rabbit.

Speaker 1: I'm not sure which animal they would see themselves as. It's a very, very interesting question. That's a very interesting question.

Speaker 2: As I said it, I wondered if maybe that's not the case. Maybe they view themselves as the bear, but the bear still gotta eat. It it really is an interesting thing to unpack how a group of people especially when you look at the bottom line with the economic toll of all of this and and then the human toll in some cases. How do you understand yourself? What do you have to tell yourself to avoid the cognitive dissonance of what you're doing? And it's all competition.

Speaker 1: Yeah. It

Speaker 2: is a pretty interesting story to tell yourself.

Speaker 1: Yeah. Yeah. It's just, you know, we I wake up in the day. I have some software. I use it. You know? You you you gotta reframe what you do as a business, and business is about competition. So that will do as the reframing. That will work as the reframing. I really believe that. I've seen it in the chats. Like I say, there's a bit of their brain. These people have wives, girlfriends, kids. I don't know what they tell them. There's a bit of their brain that must know that that what they're doing is wrong and criminality, but they just they can go to work, close the door, and reframe what they do. I imagine some service personnel have that. What you're forced to do in the in the in the armed services is pretty hard. You have to close the door and say this is business. It's it's a mental switch various people in society have to do, actually.

Speaker 2: It is interesting to draw that parallel. It's like you you there are certainly people that must have gone home at night and told their children very true stories about morality and how they ought to behave in the world before going to work at 09:00 in the next morning and, you know, a ransomware in a hospital in Ireland.

Speaker 1: Yeah. I I don't I mean, the the person who's accused of running all this, you know, Vitali Kovalev, has family, you know Yeah. Part partner, kids what they they live a very opulent life from what we've seen in the videos. Very opulent. Dad's in business. Oh, he's in computers. But as soon as they Google his name, they're they're gonna find the accusations against him. So how do you cast that? You say, oh, it's all lies on the Internet, darling. Don't worry about it. I find it fascinating. It's not unique to cybercrime gangs. I mean, generally, in organized crime, you know, understanding what you can tell your family, how honest you can be, and reframing the accusations against you so that your family can live with you and you can live with them. It that's a perennial challenge. But I do find that fascinating.

Speaker 2: It's all competition. Jeff, I appreciate you taking the time to chat with me. Where can folks find the show?

Speaker 1: It's gonna be on, Spotify, on iTunes, BBC Sounds if you're in The UK. It's gonna be all over the place. And if you search cyber hack, BBC cyber hack, you will find it. It was called Lazarus Heist, obviously, the first couple of series about North Korea and the Lazarus Group. If you search Lazarus Heist, you'll you'll come across it. So whichever way you search, you'll find it then. It'll be all over the place from the June 1.

Speaker 2: Awesome. First two seasons were incredible. People should check it out. Jeff, thank you so much for your time.

Speaker 1: Thank you so much for having me. I really enjoyed it.

Speaker 5: When you're a maintenance engineer in a beverage manufacturing plant, you keep production lines moving and quality on track because there is no room for slowdowns. With Grainger's vast selection of high quality motors, sensors, belts, and hard to find parts, you can get what you need fast and all in one place, so nothing gets in the way of getting the job done. Call 1800, click grainger.com, or just stop by. Granger, for the ones who get it done.

Speaker 6: Shopping is always a good deal better at Meijer. Right now, get a $10 coupon with a $100 in store purchase. Coupon redeemable from the seventeenth through twenty third. Also this week, make family meal planning a snap, and fire up the grill with great BOGOs, including buy one get one free fresh from Meijer pork shoulder butt or buy one get one for a dollar fresh from Meyer boneless pork loin chops. Plus, enjoy fresh and juicy blueberries for $3.99 a pint. Good life quality at real low prices, only at Meyer. Exclusions apply. See all deals in the Meyer app.

Speaker 7: Take this as your sign to go. Just get out there and go. This summer at Best Western, get 1,000 bonus points and a chance to win 250,000 bonus points. Life's a trip. Make the most of it at bestwestern.com. No additional purchase necessary for sweeps. See bonus point t's and c's and sweeps rules for details.