Emergence’s Jason Green joins TC Sessions: Enterprise this September

Picking winners from the herd of early-stage enterprise startups is challenging — so much competition, so many disruptive technologies, including mobile, cloud and AI. One investor who has consistently identified winners is Jason Green, founder and general partner at Emergence, and TechCrunch is very pleased to announce that he will join the investor panel at TC Sessions: Enterprise on September 5 at the Yerba Buena Center in San Francisco. He will join two other highly accomplished VCs, Maha Ibrahim, general partner at Canaan Partners and Rebecca Lynn, co-founder and general partner at Canvas Ventures. They will join TechCrunch’s Connie Loizos to discuss important trends in early-stage enterprise investments as well as the sectors and companies that have their attention. Green will also join us for the investor Q&A in a separate session.

Jason Green founded Emergence in 2003 with the aim of “looking around the corner, identifying themes and aiming to win big in the long run.” The firm has made 162 investments, led 64 rounds and seen 29 exits to date. Among the firm’s wins are Zoom, Box, Sage Intacct, ServiceMax and SuccessFactors. Emergence has raised $1.4 billion over six funds.

Green is also the founding chairman of the Kauffman Fellow Program and a founding member of Endeavor. He serves on the boards of BetterWorks, Drishti, GroundTruth, Lotame, Replicon and SalesLoft.

Come hear from Green and these other amazing investors at TC Sessions: Enterprise by booking your tickets today — $249 early-bird tickets are still on sale for the next two weeks before prices go up by $100. Book your tickets here.

Startups, get noticed with a demo table at the conference. Demo tables come with four tickets to the show and prime exhibition space for you to showcase your latest enterprise technology to some of the most influential people in the business. Book your $2,000 demo table right here.

MegaCortex | Malware Authors Serve Up Bad Tasting Ransomware

This year’s uptick in new ransomware attacks continues with the emergence of the MegaCortex malware, first seen in May and engaging in targeted attacks on corporate networks throughout June and July 2019. Although the infection vector isn’t known at this time, it is likely spread through phishing emails, poisoned attachments or trojan installers. Analysis shows that MegaCortex makes a deliberate attempt to avoid both enterprise security solutions and specific business management software products and delivers a particularly unpleasant ransom note on top. In this post, we dig in to the MegaCortex ransomware and take it for a test drive on one of our endpoints.
 

Background to MegaCortex Ransomware

MegaCortex ransomware continues the recent trend of targeted ransomware specifically looking to compromise and extort money from enterprise victims.

The ransom demand starts out at 2-3 BTC, which at today’s prices represents somewhere in the region of US $20,000 – $30,000. The attackers warn that the demand could rise to as much as 600 BTC (about US $6 million), presumably if the victim tries to hold off paying or if the attackers think the victim can be coerced into paying so much.

image of bitcoin value

Analysis by researcher Vitali Kremez shows that MegaCortex has some interesting functions, including a process killer that targets a number of enterprise level programs such as the Proficy Suite Operations Management software and Gemalto digital identity services.

image of megacortex process killer

 
The MegaCortex ransomware also attempts to take a pot-shot at a number of SentinelOne processes, although as we will see below, the agent’s anti-tampering protection makes MegaCortex’s attempt to kill the SentinelOne processes quite unsuccessful.

Who is Behind MegaCortex Malware?

In order to get past basic security measures, the authors of the sample we obtained signed the file with a digital signature.

77ee63e36a52b5810d3a31e619ec2b8f5794450b563e95e4b446d5d3db4453b2

The sample was compiled on the 15th July, 2019, two days before appearing on VirusTotal, and bears a Thawte CA certificate, signed with the name “ABADAN PIZZA LTD”. The product is named “Pizza Napoletana”, described as a “Helper Library” (as we’ll see when we discuss the ransom note below, the authors appear to be quite the jesters…).
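A valid code signature says who signed a file, not whether the file is safe, so the signer name and hash above are worth hunting for directly. The following PowerShell function is an added example, not code from the original post or from any vendor: it walks a directory and flags binaries that match either indicator. The function name `Find-SuspectSignedFile` and its parameters are hypothetical, and the 64-character value quoted above is assumed to be the sample's SHA-256.

```powershell
# Added example: hunt for binaries matching the indicators named in this post.
# Indicator values are taken from the article; the 64-hex value is ASSUMED to be
# the sample's SHA-256. Function and parameter names are hypothetical.
$KnownBadSha256 = @('77ee63e36a52b5810d3a31e619ec2b8f5794450b563e95e4b446d5d3db4453b2')
$WatchedSigners = @('ABADAN PIZZA LTD')

function Find-SuspectSignedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Extension = @('.exe', '.dll')
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file = $_
            try {
                # Hash and signature are read independently: a hash match still
                # fires if the file is unsigned or re-signed under another name.
                $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash.ToLowerInvariant()
                $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction Stop
            } catch {
                Write-Warning "Skipped $($file.FullName): $($_.Exception.Message)"
                return   # inside ForEach-Object this moves on to the next file
            }

            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            $reasons = @()
            if ($KnownBadSha256 -contains $hash) { $reasons += 'sha256 match' }
            foreach ($name in $WatchedSigners) {
                if ($subject -and
                    $subject.IndexOf($name, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $reasons += "signer: $name"
                }
            }

            if ($reasons.Count -gt 0) {
                # SignatureStatus is reported for context only. A flagged file whose
                # status is 'Valid' is exactly the case described in the post:
                # the signature verifies, yet the file is not trustworthy.
                [pscustomobject]@{
                    Path            = $file.FullName
                    Sha256          = $hash
                    SignatureStatus = $sig.Status
                    SignerSubject   = $subject
                    Reasons         = $reasons -join '; '
                }
            }
        }
}

# Usage (path is a placeholder):
# Find-SuspectSignedFile -Path 'C:\Users' | Format-List
```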

image of megacortex signed by abadan pizza

Abadan Pizza Ltd turns out to be the name of a UK registered company. It was originally registered, along with a number of other food-related businesses, to an address at 13, Mary Street in Sunderland, North East, England on May 3rd, 2017.

image of Abadan Pizzas in Sunderland

Five days later it changed its registered office to another small business address in Chester Road of the same city (pictured below) before changing it back to its original address in Mary Street in January of 2019. Although there are Italian restaurants in both locations, there doesn’t appear to be an actual shop front with the name ‘Abadan Pizza’ in either street at the time Google Maps drove by. Perhaps they moved into gentlemen’s hairdressing, though, as there does appear to be an ‘Abadan Barbers’ shop at the second of the two registered addresses.

image of megacortex abadan barber

Of course, the link between the name of the business and the name used to sign the malware is likely entirely coincidental and we have no evidence to suggest that the business owners have any knowledge of or involvement with the MegaCortex malware. More than likely, they are random victims of the malware authors’ odd sense of humor. It remains an interesting speculation, though, as to whether the malware authors picked the name out of a random internet search from halfway across the world or whether the malware authors are or were at some time located in the vicinity of the Abadan Pizza company’s registered addresses.

We Don’t Work For Food!

As we’ve noted, the amount of ransom demanded is clearly aimed at enterprise customers, but MegaCortex’s ransom note also displays an unusual amount of unnecessary grandstanding. Rather than just getting down to business and ensuring the victim has clear incentives and instructions to pay, as malware strains such as RobinHood ransomware do, MegaCortex chooses instead to first taunt and then mock its victims, explaining, candidly if callously enough, that any appeals to the criminals’ better nature would be a waste of everyone’s time. Perhaps playing on the name of their adopted code signatory, Abadan Pizza, the ransom note mockingly tells the victim that they “don’t work for food”.

Remember ! We don’t work for food.
You have to pay for decryption in Bitcoins (BTC).
If you think you pay $500 and you’ll get the decryptor, you are 50 million light years away from reality 🙂
If you don’t have the money don’t even write to us.
We don’t do charity !

image of megacortex ransom note 3

The developers of MegaCortex demonstrate a clear understanding of business software suites and knowledge of enterprise security solutions. This suggests that the actors are not as immature as the language in the ransom note may be trying to suggest. The grammar errors in the ransom note also look somewhat artificial and inconsistent with the overall level of linguistic competency on display.

Demonstration of MegaCortex Ransomware

Let’s take a look at what happens on a victim’s machine when infected with MegaCortex. We’ll set the policy of the SentinelOne agent to “Detect only” so that we can observe the malware in action. Typically, however, enterprise customers would use the ‘Protect’ policy in a real deployment, which would not just detect the malware but also block its execution.

With the policy set to allow MegaCortex to run, we first see on the agent side that the ransomware begins scanning for files to infect.

image of megacortex scanning

At this point, the malware, having failed to evade the SentinelOne agent, is detected by the behavioral engine.

image of megacortex detected on agent

From the administrator’s or SOC analyst’s point of view, the SentinelOne management console alerts on the threat in the Dashboard. Looking at the analysis, the precise reason for the detection is given.

image of megacortex detection in console

The attack story line also reveals MegaCortex’s failed attempt to circumvent the SentinelOne agent.

image of megacortex fails to avoid sentinelone

At this point on the agent side, since we were using the Detect-only policy, the user’s files have been encrypted by the malware. However, now that we’ve seen enough of MegaCortex, it’s time to remediate the machine. One click rolls back the infection and returns all the user’s files to their unencrypted state.

image of megacortex rolled back

If you’d like to see the full demo in action, check out the video below.

Conclusion

Criminals motivated primarily by financial gain have returned to ransomware as their go-to choice of malware in 2019 as a result of both a resurgence in the value of Bitcoin and the decline of easy-money from cryptomining after the closure of Coinhive. This is a trend we expect to see continue throughout 2019 as ransomware attacks have proven devastatingly successful where enterprises are not protected by a comprehensive security solution like SentinelOne. If you’re not already protected by SentinelOne, now is a great time to try a free demo to see how our autonomous endpoint detection and response solution can keep your business safe.


Analytics startup Heap raises $55M

Since co-founding Heap, CEO Matin Movassate has been saying that he wants to take on the analytics incumbents. Today, he’s got more money to fund that challenge, with the announcement that Heap has raised $55 million in Series C funding.

Movassate (pictured above) previously worked as a product manager at Facebook, and when I interviewed him after the startup’s Series B, he recalled the circuitous process normally required to collect and analyze user data. In contrast, Heap automatically collects data on user activity — the goal is to capture literally everything — and makes it available in a self-serve way, with no additional code required to answer new queries.

The company says it now has more than 6,000 customers, including Twilio, AppNexus, Harry’s, WeWork and Microsoft.

With this new funding, Heap has raised a total of $95.2 million. The plan is to fund international growth, as well as expand the product, engineering and go-to-market teams.

The Series C was led by NewView Capital, with participation from new DTCP, Maverick Ventures, Triangle Peak Partners, Alliance Bernstein Private Credit Investors, Sharespost and existing investors (NEA, Menlo Ventures, Initialized Capital and Pear VC). NewView founder and managing partner Ravi Viswanathan is joining the startup’s board of directors.

“Heap offers an innovative approach to automating a company’s analytics, enabling a variety of teams within an organization to obtain the data they need to make educated and, ultimately, smarter decisions,” Viswanathan said in a statement. “We are excited to team up with Heap, as they continue to develop their cutting edge software, expand their analytics automation offerings and help serve their growing numbers of customers.”

CircleCI closes $56M Series D investment as market for continuous delivery expands

CircleCI launched way back in 2011 when the notion of continuous delivery was just a twinkle in most developers’ eyes, but over the years with the rise of agile, containerization and DevOps, we’ve seen the idea of continuous integration and continuous delivery (CI/CD) really begin to mainstream with developers. Today, CircleCI was rewarded with a $56 million Series D investment.

The round was led by Owl Rock Capital Partners and Next Equity. Existing investors Scale Venture Partners, Top Tier Capital, Threshold Ventures (formerly DFJ), Baseline Ventures, Industry Ventures, Heavybit and Harrison Metal Capital also participated in the round. CircleCI’s most recent funding prior to this round was a $31 million Series C last January. Today’s investment brings the total raised to $115.5 million, according to the company.

CircleCI CEO Jim Rose sees a market that’s increasingly ready for the product his company is offering. “As we’re putting more money to work, there are just more folks that are now moving away from aspiring about doing continuous delivery and really leaning into the idea of, ‘We’re a software company, we need to know how to do this well, and we need to be able to automate all the steps between the time our developers are making changes to the code until that application gets in front of the customer,’ ” Rose told TechCrunch.

Rose sees a market that’s getting ready to explode and he wants to use the runway this money provides his company to take advantage of that growth. “Now, what we’re finding is that fintech companies, insurance companies, retailers — all of the more traditional brands — are now realizing they’re in a software business as well. And they’re really trying to build out the tool sets and the expertise to be effective at that. And so the real growth in our market is still right in front of us,” he said.

As CircleCI matures and the market follows suit, a natural question following a Series D investment is when the company might go public, but Rose was not ready to commit to anything yet. “We come at it from the perspective of keeping our heads down trying to build the best business and doing right by our customers. I’m sure at some point along the journey our investors will be itching for liquidity, but as it stands right now, everyone is really [focused]. I think what we have found is that the bulk of the market is just starting to arrive,” he said.

Arrcus snags $30M Series B as it tries to disrupt networking biz

Arrcus has a bold notion to try and take on the biggest names in networking by building a better networking management system. Today it was rewarded with a $30 million Series B investment led by Lightspeed Venture Partners.

Existing investors General Catalyst and Clear Ventures also participated. The company previously raised a seed and Series A totaling $19 million, bringing the total raised to date to $49 million, according to numbers provided by the company.

Founder and CEO Devesh Garg says the company wanted to create a product that would transform the networking industry, which has traditionally been controlled by a few companies. “The idea basically is to give you the best-in-class [networking] software with the most flexible consumption model at the lowest overall total cost of ownership. So you really as an end customer have the choice to choose best-in-class solutions,” Garg told TechCrunch.

This involves building a networking operating system called ArcOS to run the networking environment. For now, that means working with manufacturers of white-box solutions and offering some combination of hardware and software, depending on what the customer requires. Garg says that players at the top of the market like Cisco, Arista and Juniper tend to keep their technical specifications to themselves, making it impossible to integrate ArcOS with those companies at this time, but he sees room for a company like Arrcus.

“Fundamentally, this is a very large marketplace that’s controlled by two or three incumbents, and when you have lack of competition you get all of the traditional bad behavior that comes along with that, including muted innovation, rigidity in terms of the solutions that are provided and these legacy procurement models, where there’s not much flexibility with artificially high pricing,” he explained.

The company hopes to fundamentally change the current system with its solutions, taking advantage of unbranded hardware that offers a similar experience but can run the Arrcus software. “Think of them as white-box manufacturers of switches and routers. Oftentimes, they come from Taiwan, where they’re unbranded, but it’s effectively the same components that are used in the same systems that are used by the [incumbents],” he said.

The approach seems to be working, as the company has grown to 50 employees since it launched in 2016. Garg says that he expects to double that number in the next six-nine months with the new funding. Currently the company has double-digit paying customers and more than 20 in various stages of proofs of concepts, he said.

Duo’s Wendy Nather to talk security at TC Sessions: Enterprise

When it comes to enterprise security, how do you move fast without breaking things?

Enter Duo’s Wendy Nather, who will join us at TC Sessions: Enterprise in San Francisco on September 5, where we will get the inside track on how to keep enterprise networks secure without slowing growth.

Nather is head of advisory CISOs at Duo Security, a Cisco company, and one of the most respected and trusted voices in the cybersecurity community as a regular speaker on a range of topics, from threat intelligence to risk analysis, incident response, data security and privacy issues.

Prior to her role at Duo, she was the research director at the Retail ISAC, and served as the research director of the Information Security Practice at independent analyst firm 451 Research.

She also led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation — now UBS.

Nather also co-authored “The Cloud Security Rules,” and was listed as one of SC Magazine’s Women in IT Security “Power Players” in 2014.

We’re excited to have Nather discuss some of the challenges startups and enterprises face in security — threats from both inside and outside the firewall. Companies large and small face similar challenges, from keeping data in to keeping hackers out. How do companies navigate the litany of issues and threats without hampering growth?

Who else will we have onstage, you ask? Good question! We’ll be joined by some of the biggest names and the smartest and most prescient people in the industry, including Bill McDermott at SAP, Scott Farquhar at Atlassian, Julie Larson-Green at Qualtrics, Aaron Levie at Box and Andrew Ng at Landing AI and many, many more. See the whole agenda right here.

Early-bird tickets are on sale right now! For just $249 you can see Nather and these other awesome speakers live at TC Sessions: Enterprise. But hurry, early-bird sales end on August 9; after that, prices jump up by $100. Book here.

If you’re a student on a budget, don’t worry, we’ve got a super-reduced ticket for just $75 when you apply for a student ticket right here.

Enterprise-focused startups can bring the whole crew when you book a Startup Demo table for just $2,000. Each table gives you a primo location to be seen by attendees, investors and other sponsors, in addition to four tickets to enjoy the show. We only have a limited amount of demo tables and we will sell out. Book yours here.

Airbud raises $4 million to add a voice interface to your website

Amazon’s Alexa ushered in a new dawn of user interfaces, bringing voice into the mix as a viable option. Dozens of companies have sprouted because of this, not least of which being Airbud.io.

Airbud allows any company to add a voice interface to its website. The company just closed a $4 million round led by Hanaco Ventures, with participation from ERA and Spider Capital.

Airbud was co-founded by Israel Krush, Uri Valevski and Rom Cohen after the team saw the growth of voice interfaces and wondered how to capitalize on it.

By allowing companies to add voice/chat bot utility to their websites, Airbud hopes to increase retention of end-users on sites and give them easier access to the information they seek. Krush says that Airbud is focusing on websites that you have to be on, rather than the ones you want to be on.

That means Airbud clients are mostly in the healthcare space and travel space, helping end-users find a physician or book a flight using their voice.

Most importantly, Airbud operates on a plug and play system, meaning that clients don’t have to do the usual heavy lifting involved in creating a chat bot. Most of the time, folks who implement chatbots have to build a conversation tree. Airbud uses existing information scraped from the website, paired with an easy plug-and-play system for clients, to automatically build out a knowledge graph and have conversations with end-users.

Airbud charges based on the number of indexed pages and traffic to those pages.

The company plans to use the funding to increase the size of its team from seven to 15.

Ethyca raises $4.2M to simplify GDPR compliance

GDPR, the European data privacy regulations, have been in effect for more than a year, but it’s still a challenge for companies to comply. Ethyca, a New York City startup, has created a solution from the ground up to help customers adhere to the regulations, and today it announced a $4.2 million investment led by IA Ventures and Founder Collective.

Table Management, Sinai Ventures, Cheddar founder Jon Steinberg and Moat co-founder Jonah Goodhart also participated.

At its heart, Ethyca is a data platform that helps companies discover sensitive data, then provides a mechanism for customers to see, edit or delete their data from the system. Finally, the solution enables companies to define who can see particular types of data across the organization to control access. All of these components are designed to help companies comply with GDPR regulations.

Ethyca enterprise transaction log (Screenshot: Ethyca)

Company co-founder Cillian Kieran says that the automation component is key and should greatly reduce the complexity and cost associated with complying with GDPR rules. From his perspective, current solutions that involve either expensive consultants or solutions that require some manual intervention don’t get companies all the way there.

“These solutions don’t actually solve the issue from an infrastructure point of view. I think that’s the distinction. You can go and use the consultants, or you can use a control panel that tells you what you need to do. But ultimately, at some point you’re either going to have to build or deploy code that fixes some issues, or indeed manually manage or remediate those [issues]. Ethyca is designed for that and takes away those risks because it is managing privacy by design at the infrastructure level,” Kieran explained.

If you’re worried about the privacy of providing information like this to a third-party vendor, Kieran says that his company never actually sees the raw data. “We are a suite of tools that sits between business processes. We don’t capture raw data. We don’t see personal information. We find information based on unique identifiers,” he said.

The company has been around for more than a year, but has been spending its first year developing the solution. He sees this investment as validation of the problem his startup is trying to solve. “I think the investment represents the growing awareness fundamentally from both with the investor community, and also in the tech world, that data privacy as a regulatory constraint is real and will compound itself,” he said.

He also points out that GDPR is really just the tip of the privacy regulation iceberg, with laws in Australia, Brazil and Japan, as well as California and other states in the U.S. due to come online next year. He says his solution has been designed to deal with a variety of privacy frameworks beyond GDPR. If that’s so, his company could be in a good position moving forward.

CrunchMatch simplifies networking at TC Sessions: Enterprise 2019

Get ready to experience world-class networking TechCrunch-style at TC Sessions: Enterprise 2019. On September 5, more than 1,000 of the top enterprise software minds and makers, movers and shakers will descend on San Francisco’s Yerba Buena Center for the Arts. It’s a day-long conference featuring distinguished speakers, panel discussions, demos and workshops.

It’s also a prime opportunity to connect and build relationships with enterprise software founders, technologists and investors. Make the most of that opportunity by using CrunchMatch, our free business match-making service.

The automated platform lets you find people based on specific mutual business criteria, goals and interests. It helps you sift through the noise and make the most of your valuable time. After all, connecting with the right people produces better results.

Here’s how CrunchMatch (powered by Brella) works. When CrunchMatch goes live — several weeks before the main event — we’ll email a sign-up link to all ticket holders. You’ll be able to access the platform and create a profile with your specific details — your role (technologist, founder, investor, etc.) and a description of the types of people you want to connect with at the event.

CrunchMatch works its algorithmic magic and suggests meetings, which you can then vet, approve and schedule or decline. It’s an efficient and productive way to network. Take a look at how CrunchMatch helped Yoolox increase distribution.

All that time-saving efficiency will free you up to enjoy more of the presentations and hear from speakers like the renowned founder, investor, AI expert and Stanford professor, Andrew Ng. You won’t want to miss his take on how AI will transform the enterprise world — like nothing else since the cloud and SaaS. And that’s just a taste of what you can expect.

If you haven’t already done so, buy your tickets now and save $100 before the prices go up on August 9. Early-bird tickets cost $249 and student tickets sell for $75. Buy 4+ tickets to get the group rate and save another 20%.

ROI tip: For every ticket you buy to TC Sessions: Enterprise, we’ll register you for a free Expo-only pass to TechCrunch Disrupt SF 2019.

We can’t wait to see you at TC Sessions: Enterprise 2019 in San Francisco on September 5. Join your community, explore the top enterprise trends and companies and make productive connections with the influential people who can help you reach your goals. Buy your ticket today.

Interested in sponsoring TC Sessions: Enterprise? Fill out this form and a member of our sales team will contact you.

Nearly a third of US households don’t have a broadband connection

Over the past several years, many have suggested that broadband internet should be regarded as a public utility, like water or gas. Staying connected has become an essential part of nearly every facet of life, but according to a new report, high-speed connections may not be as prevalent here in the States as you may think.

In its new Rural America and Technology study, NPD notes that 31% of U.S. households don’t have broadband (25Mbps downloads and up) internet connections. The number works out to roughly 100 million per the report. That figure, unsurprisingly, is highly concentrated in rural areas — less than one-fifth of that population has a broadband connection.

While broadband was considered something of a luxury in the not so distant past, it’s grown into an increasingly essential aspect of modern existence, from work to health to entertainment. The concentration of access to the technology in urban versus rural areas has been a major aspect in what analysts have referred to as the “digital divide.” Rural areas make up nearly 97% of the total U.S. land.

On the upside, the report suggests that 5G could have a profound impact on those numbers. “The roll out of 5G will have a significant impact in rural America, disrupting the limited broadband carrier market and delivering broadband to many households that have not previously had access,” NPD’s Eddie Hold said in a statement released with the report. “This will inevitably provide an opportunity for manufacturers and retailers to reach new consumers with advanced devices.”

Given the speed and spottiness with which the technology has been rolled out thus far, however, coupled with the high prices of first-generation handsets, it will likely take several years before that comes to pass.