Maze, a notorious ransomware group, says it’s shutting down

One of the most active and notorious data-stealing ransomware groups, Maze, says it is “officially closed.”

The announcement came as a waffling statement, riddled with spelling mistakes, and published on its website on the dark web, which for the past year has published vast troves of stolen internal documents and files from the companies it targeted, including Cognizant, cybersecurity insurance firm Chubb, pharmaceutical giant ExecuPharm, Tesla and SpaceX parts supplier Visser, and defense contractor Kimchuk.

Where typical ransomware groups would infect a victim with file-encrypting malware and hold the files for a ransom, Maze gained its notoriety for first exfiltrating a victim’s data and threatening to publish the stolen files unless the ransom was paid.

It quickly became the preferred tactic of ransomware groups, which set up websites — often on the dark web — to leak the files it stole if the victim refused to pay up.

Maze initially used exploit kits and spam campaigns to infect its victims, but later began using known security vulnerabilities to specifically target big name companies. Maze was known to use vulnerable virtual private network (VPN) and remote desktop (RDP) servers to launch targeted attacks against its victim’s network.

Some of the demanded ransoms reached into the millions of dollars. Maze reportedly demanded $6 million from one Georgia-based wire and cable manufacturer, and $15 million from one unnamed organization after the group encrypted its network. But after COVID-19 was declared a pandemic in March, Maze — as well as other ransomware groups — promised to not target hospitals and medical facilities.

But security experts aren’t celebrating just yet. After all, ransomware gangs are still criminal enterprises, many of which are driven by profits.

A statement by the Maze ransomware group, claiming it has shut down. Screenshot: TechCrunch

“Obviously, Maze’s claims should be taken with a very, very small pinch of salt,” said Brett Callow, a ransomware expert and threat analyst at security firm Emsisoft. “It’s certainly possible that the group feels they have made enough money to be able to close shop and sail off into the sunset. However, it’s also possible — and probably more likely — that they’ve decided to rebrand.”

Callow said the group’s apparent disbanding leaves open questions about the Maze group’s connections and involvement with other groups. “As Maze was an affiliate operation, their partners in crime are unlikely to retire and will instead simply align themselves with another group,” he said.

Maze denied that it was a “cartel” of ransomware groups in its statement, but experts disagree. Steve Ragan, a security researcher at Akamai, said Maze was known to post data from other ransomware, like Ragnar Locker and the LockBit ransomware-for-hire, on its website.

“For them to pretend now that there was no team-up or cartel is just plain backwards. Clearly these groups were working together on many levels,” said Ragan.

“The downside to this, and the other significant element, is that nothing will change, Ransomware is still going to be out there,” said Ragan. “Criminals are still targeting open access, exposed RDP [remote desktop protocol] and VPN portals, and still sending malicious emails with malicious attachments in the hope of infecting unsuspecting victims on the internet,” he said.

Jeremy Kennelly at FireEye’s Mandiant threat intelligence unit said that while the Maze brand may be dead, its operators are likely not gone for good.

“We assess with high confidence that many of the individuals and groups that collaborated to enable the Maze ransomware service will likely to continue to engage in similar operations — either working to support existing ransomware services or supporting novel operations in the future,” said Kennelly.

Booming edtech M&A activity brings consolidation to a fragmented sector

As the COVID-19 pandemic continues to force teachers, students and parents to adopt new technologies, edtech’s total addressable market has massively grown in the last several months. The shift has urged venture capitalists to pour money into the sector accordingly, ushering a number of startups into the unicorn club.

But maturation doesn’t just mean bigger checks and high-flying unicorns — it also brings exits.

Edtech M&A activity is buzzier than usual: In the last week, Course Hero, a startup that sells Netflix-like subscriptions to students looking for learning and teaching content, bought Symbolab, an artificial intelligence-powered calculator. Saga Education, a tutoring nonprofit backed by Comcast, the Bill & Melinda Gates Foundation and others, acquired math software platform Woot Math. We also saw PowerSchool, which sells a suite of software services to manage schools, scoop up Hoonuit, a data management and analytics tool for educators. Finally, K-12 curriculum company Discovery Education bought K-5 science and stem curriculum upstart Mystery Science.

It’s a lot of news in a short period of time. Luckily, these consolidations offer some directional guidance regarding where some edtech businesses think the future of their industry is headed.

Smart content as a competitive advantage

Content, to an extent, is commoditized. If you can find a free tutorial on Youtube or Khan Academy, buy a subscription to an edtech platform that offers the same solution? The commodification of education is good for end-users and is often why startups have a freemium model as a customer acquisition strategy. To convert free users into paying subscribers, edtech startups need to offer differentiated and targeted content.

The Course Hero and Mystery Science deals show us that edtech businesses are hungry for personalized, targeted content. Course Hero’s acquisition of Symbolab was essentially a deal for more than a decade’s worth of data that captured which math questions students found hardest.

Symbolab is a math calculator that is set to answer over 1 billion questions this year. With each answer, Symbolab adds information to its algorithm regarding students’ most common pain points and confusion. Course Hero, in contrast, is a broader service that focuses on Q&A from a variety of subjects. CEO Andrew Grauer says Symbolab’s algorithm isn’t something that Course Hero, which has been operating since 2006, can drum up overnight. That’s precisely why he “decided to buy, instead of build.”

“It made a lot of sense to move fast enough so it wouldn’t take up multiple years to get this technology,” Grauer said. The deal was made as big companies get in the Q&A game too, he noted. Google acquired homework helper app Socratic in 2019 and Microsoft built Microsoft Solver in the same year.

Discovery Education, a curriculum provider for K-12 classrooms, acquired San Francisco-based K-5 STEM curriculum provider, Mystery Science. Discovery Education has launched a series of other products focused on science education, including Discovery Education Experience, the Science Techbook series and STEM Connect.  However, Mystery Science is largely focused on offering a creative digital solution to science education. The programming, a mix of videos, prompts and projects, cover a range of questions such as, “Where do rivers flow?” and “Could a volcano pop up where you live?” for young students.

Mystery Science CEO and founder Keith Schact explained how his product focuses on kids and educators, while Discovery Education focuses on educators and districts, making the deal feel like a “natural marriage.” Even as edtech goes directly to consumers, Schact remains bullish on the role that institutions play in true adoption of technology.

“You can go straight to teachers and get a certain market share,” he said. “But the institutions still do have a big role.” The founder likened the dynamic to the state of media: With the rise of blogs, you can publish directly and reach an engaged audience, but writers who want a bigger positioning tend to join larger platforms to grow their overall reach. Edtech is the same, in that some startups need an official sign-off from schools before they can reach venture-scale returns.

According to a source familiar with the transaction, Mystery Science was sold for $175 million after only raising $4 million in venture financing.

Using data management and analytics to improve student outcomes

Apple rumored to debut two 13-inch MacBook models at Nov. 10 event

Apple will debut at least one and possibly two 13-inch MacBook models of some sort at its Nov. 10 “One more thing” special event, a previously accurate leaker said on Monday.

The Cupertino tech giant on Monday morning announced a “One more thing” special event for Tuesday, Nov. 10. Although it didn’t reveal any details, the event is largely expected to center on Apple Silicon.

Shortly after the announcement, leaker @L0vetodream posted two tweets that simply read “13 inch” and “13 inch X 2.”

Although cryptic, the tweets imply that Apple will release two devices with 13-inch displays during the Tuesday announcement event. Based on its current MacBook lineup, those could be a 13-inch MacBook Pro and a 13-inch MacBook Air.

Of course, Apple said it would announce the first Apple Silicon Macs by the end of 2020. The Nov. 10 event is the likeliest candidate for a debut, though Apple did add that it also has more Intel-based Macs in the pipeline.

As such, one of those 13-inch Mac devices could be Apple Silicon-based, while the other could be an Intel Mac. It isn’t clear which monikers the new Mac models could use, however.

Other Apple leakers have suggested that the first Apple Silicon device could be a reboot of the 12-inch MacBook with an A14X processor.

It’s also possible that Apple could release its Ultra Wideband “AirTags” accessory at the November event alongside new AirPods models, such as the long-rumored “AirPods Studio“. The company may also debut or announcement the release date of “macOS Big Sur.

L0vetodream has previously said that a 14-inch MacBook Pro model is in the works for a 2021 release. Although the leaker doesn’t have a perfect track record, their predictions have been historically accurate.

Apple's 'One More Thing' event invite has an AR Easter egg

Continuing a trend, the “One More Thing” Apple Silicon event web page hides an AR object, and looks similar to a MacBook opening its display.

When on the Apple event webpage, users can click on the Apple logo in the invite to enter an AR view on iOS and iPadOS devices. On macOS, users can download the file and view the animation in Quick Look.

The large Apple logo loops through an animation that looks similar to opening and closing a MacBook display. When open the colors of the invitation radiate outward like a bright and glowing screen. You can place the USDZ file and view it in 360-degrees in AR, which was introduced in an update in iOS 12.

Apple is expected to announce a new MacBook and 24-inch iMac using Apple Silicon Processors.

Spotify will now allow artists and labels promote tracks in your recommendations

Spotify announced today it will begin to test a new service that gives artists more of a say in how their music is discovered on the Spotify platform. At launch, the service will allow artists and labels to identify music that’s a priority to them and Spotify will then add a signal to help the music get surfaced by its personalization algorithms.

While the new service is not a paid promotion and requires no upfront budget on artists’ or labels’ part, Spotify says that the artists, labels and rights holders will agree to be paid a “promotional recording royalty rate” for streams where the company provides the service. Streams that come from any other place in the app would not be impacted, however.

At launch, the promotional rate will apply only in select areas of Spotify’s app, including Spotify Radio and Autoplay. Promoted tracks won’t appear on other playlists, either algorithmic or editorial — though Spotify isn’t ruling out expansion to these areas in the future.

“We wanted to make the tools accessible and available to artists of any size, at any phase in their career,” explains Spotify Product Marketing Lead, Charleton Lamb, in describing the new service. That’s why the company won’t require an upfront payment from artists and labels, he says.

“We were looking for a model that was acceptable, more democratic and fair…The model is going to allow even really small artists to access promotions at the same terms of the biggest labels,” Lamb adds.

Image Credits: Spotify

The idea is that if a track does well due to the promotion, the rights holders would see an overall positive ROI as the music becomes more popular and sees increased plays outside of the areas where the lower, promotional rate applies. Artists can also turn off the promotions at any time if the tool is not having a positive financial benefit.

Spotify isn’t detailing the extent of the royalty rate change for promotions, saying that it may be adjusted as a result of the test.

The company also stresses it will take listener interest and enjoyment into consideration with this change. Spotify says if the music performs well, it will continue to promote it. But if it doesn’t, it will be pulled back.

“We won’t guarantee placement to labels or artists, and we only ever recommend music we think listeners will want to hear,” Spotify notes, in its public announcement.

Lamb clarifies this means users may hear a promoted track if they already listen to that genre or artist, but also if there are other signals that indicate a user may be receptive to the music. For example, users could come across the promoted track if the music was acoustically similar to what they already listen to. It could also be placed in front of the user if they listen to similar artists, or if people who have similar listening habits also listen to that music.

The reverse will also be true. If those who share a user’s listening habits are negatively responding to a promoted track — perhaps by skipping it in a session or choosing to stream less frequently from Radio, for instance — the music could be pulled back.

“If any kind of recommendation was causing a listener to respond negatively or show less interest in radio systems, then we would adjust how we’re recommending,” Lamb says.

This user feedback loop can quickly impact the extent with which the track is promoted, he also notes, as the recommendation pools for listeners are updated every 24 hours.

There is currently no limit to how many tracks that an artist or label can promote at once, nor any limit on the time frame of the promotion.

While artists can promote tracks of any recency, Spotify believes the largest focus for this tool would be on catalog music. For example, if the artist is looking to celebrate an album anniversary or take advantage of a “cultural moment.”

In other words, if an artist sees sudden viral success for an older track, this service could help. That’s something that’s happening with much more frequency these days, thanks to TikTok, which is helping surface older tunes when they get featured as the background track in viral videos.

For example, when TikTok user Nathan Apodaca — better known as @420doggface208 — recorded a video of himself skateboarding and drinking Ocean Spray’s Cran-Raspberry juice to Fleetwood Mac’s “Dreams,” the 1977 classic found itself back on the top charts.

TikTok said that from the video’s release on Sept. 25th to mid-October, the average daily uses of “Dreams” in TikTok videos climbed 1,380%, which then translated to a 374% jump in sales and an 89% jump in streams. This allowed the song to re-enter the Billboard Hot 100 at #21 after a 43-year absence. It also climbed to the Top Ten of Spotify’s Global and U.S. charts and hit #1 on Apple Music.

That’s precisely the type of “cultural moment” Spotify now aims to profit from.

Though the service is not exactly a “pay for play” model, it is a financially-tied service for music promotion that effectively allows Spotify to make more money when streams are “promoted” with the new tool.

Spotify has been inching its way into the pay for play market for years. In 2019, the company introduced a new feature that allows artists to buy a full-screen recommendation to promote their new album to users Spotify has identified as fans. Rolling Stone said each ad click cost 55 cents, citing internal documents.

Though the feature was targeted towards users who would be more likely to welcome such a notification, it was criticized as being a new form of payola — meaning labels that had the most money to spend would get the most play.

In previous years, Spotify had also been criticized for allowing payola to infiltrate its playlists. And the company famously angered its users in 2018 with an over-the-top Drake album promotion that placed the album and Drake’s image in sections of the app like Browse and Playlists, and used Drake’s image on playlists that didn’t even contain his music — like those featuring dance hits, pop, and more.

This new service, on the other hand, aims to counter some of the issues with past promotions, as it would favor pushing tracks to already receptive users — and it would do so in a less over-the-top way than with pop-up ads or overboard global promotions.

Spotify has tested the technology before now with a small number of partners, but says it will now begin to roll out the test and the promoted rate in the U.S.

During the test period, it will work with a small handful of labels, including both indies and majors, to gain a variety of feedback. Spotify says the feature will expand globally in the future.

Coupa Software snags Llamasoft for $1.5B to bring together spending and supply chain data

Coupa Software, a publicly traded company that helps large corporations manage spending, announced that it was buying Llamasoft, an 18 year old Michigan company that helps large companies manage their supply chain. The deal was pegged at $1.5 billion.

This year Llamasoft released its latest tool, an AI-driven platform for managing supply chains intelligently. This capability in particular seemed to attract Coupa’s attention, as it was looking for a supply chain application to compliment its spend management capabilities.

Coupa CEO and chairman Rob Bernshteyn says when you combine that supply chain data with Coupa’s spending data, it can produce a powerful combination.

“Lamasoft’s deep supply chain expertise and sophisticated data science and modeling capabilities, combined with the roughly $2 trillion of cumulative transactional spend data we have in Coupa, will empower businesses with the intelligence needed to pivot on a dime,” Bernshteyn said in a statement.

The purchase comes at a time when companies are focusing more and more on digitizing processes across enterprise, and when supply chains can be uncertain, depending on the location of COVID hotspots at any particular time.

“With demand uncertainty on one hand, and supply volatility on the other, companies are in need of supply chain technology that can help them assess alternatives and balance trade-offs to achieve desired business results. LLamasoft provides these capabilities with an AI-powered cloud platform that empowers companies to make smarter supply chain decisions, faster,” the company wrote in a statement.

Llamasoft was founded in 2002 in Ann Arbor, Michigan and has raised over $56 million, according to Crunchbase data. Its largest raise was a $50 million Series B in 2015 led by Goldman Sachs.

The company generated more than $100 million in revenue and has 650 big customers including Boeing, DHL, Kimberly-Clark and GM, according to company data.

Coupa has been extremely acquisitive over the years, buying 17 companies, according to Crunchbase data. This deal represents the fourth acquisition this year for the company. So far the stock market is not enamored with the acquisition with the company’s stock price down 5.20% at publication.

Apple announces Apple Silicon special event for November 10

In a virtual invite sent out on Monday, Apple has announced that it is having a “One more thing” event on November 10, at 1:00 PM Eastern Time.

The event invite is bereft of details, although it is likely to be an Apple Silicon event, given that Apple CEO Tim Cook did say that Macs with Apple’s new processor are going to ship before the end of 2020. The event will be held virtually, like the last several have been, and will likely be prerecorded at various locations inside Apple Park.

This story is breaking, update frequently for the most recent information

Apple’s next big event is November 10

Apple just sent out invites for its latest — and last — big event of 2020. Set for 10AM PT on November 10, the “One More Thing” event will almost certainly focus on the long-awaited arrival of Apple silicon Macs. The big event will, naturally, be online-only — as it seems will all  big tech shows for the foreseeable future.

The move toward virtual events amid the COVID-19 shutdown has afforded companies the ability to break these spotlight events up more than in past years. After all, simply asking reporters and analysts to tune into a livestream is a much smaller lift. As such, the company has taken advantage, with three events in quick succession. The first focused on the new Apple Watch and iPads, the second iPhones and now it seems inevitable that Apple is going to turn its attention to the Mac.

Developing…

Lidar startup Aeva to go public via $2.1 billion SPAC merger

Aeva, a Mountain View, Calif.-based lidar company started by two former Apple engineers and backed by Porsche SE, is merging with special purpose acquisition company InterPrivate Acquisition Corp., with a post-deal market valuation of $2.1 billion.

The deal with InterPrivate, which is led by private equity investor Ahmed Fattouh, is expected to close by early 2021. Aeva is the latest company to eschew the traditional IPO path and go public via a SPAC merger. It’s also the third lidar company, following Velodyne and Luminar, to take this route to the public markets.

Lidar, or light detection and ranging radar, measures distance. It’s considered by many in the emerging automated driving industry as a critical and necessary sensor. Velodyne long dominated the lidar industry and supplied most AV developers with its products. Dozens of startups have popped up in the past several years aiming to carve away market share from Velodyne, each one pitching its own variation on the technology and business approach.

Traditional lidar sensors are able to determine distance by sending out high-power pulses of light outside the visible spectrum and then tracking how long it takes for each of those pulses to return. As they come back, the direction of, and distance to, whatever those pulses hit are recorded as a point and eventually forms a 3D map.

Aeva’s founders Soroush Salehian and Mina Rezk have developed what they call “4D lidar,” which can measure distance as well as instant velocity without losing range, all while preventing interference from the sun or other sensors. The company’s FMCW technology also uses less power, allowing it to fold in perception software. While the company’s technology has been primarily developed for use in autonomous vehicles as well as advanced driving assistance systems, Salehian says its technology is also piquing the interest of those in consumer electronics.

aeva lidar

Image credits: Aeva 

“We see this transaction as an opportunity to accelerate our development efforts to scale our 4D LiDAR for production on next level ADAS and automated driving vehicles, but also importantly, we have separately seen significant interest for the use of our chip level LiDAR built on silicon photonics specifically for consumer device applications where our technology can provide higher range capability, no degradation from sunlight and measuring motion — which at the end open a new set of applications for expanded AR/VR and beyond,” Salehian said in an email to TechCrunch. “To my knowledge, Aeva is the only company that is capable of providing such a LiDAR-on-chip technology that meets the high performance requirements of automotive and consumer device applications at such price points. And we feel that now is the right time for us to seize such opportunities.”

Aeva’s technology has landed it a number of partnerships and customers as well as backing from Porsche Automobili Holding SE, the largest shareholder of the VW Group. In September, Aeva announced a production partnership with Tier 1 manufacturer ZF to supply automotive grade 4D lidar.

The combined company will be renamed Aeva Inc. and is expected to continue to be listed on the New York Stock Exchange and trade under the ticker symbol “AEVA.”

Aeva said it was able to raise $120 million in private investment in public equity, or PIPE, including investments from Adage Capital and Porsche SE. The combined company will provide about $363 million in gross proceeds, a figure that include $243 million held in trust by InterPrivate and the $120 million in PIPE. All Aeva stockholders, including Lux Capital, Canaan Partners, and Lockheed Martin, will retain their equity holdings through Aeva’s transition into the publicly listed company.

Moment launches expansive lineup of iPhone 12 MagSafe accessories

Moment has announced an expansive lineup of iPhone 12 MagSafe accessories including new cases, tripod mounts, cold shoe mounts, wall mounts, and car mounts.

All of Moment’s new gear is up for preorder on Moment’s website with delivery starting in March and is geared towards photographers as well as everyday users. It marks the first major accessory maker to launch a MagSafe line following Apple partner Belkin.

Moment MagSafe cases

The Moment Thin case has a great soft-touch finish and is made from a bio-plastic that is better for the environment. It has a wrist strap connector at the bottom and is compatible with Moment’s drop-in M-Series lens mount.

Moment's MagSafe cases

Moment’s MagSafe cases

if you want something more protective, the Moment Protective case is the option. It has a dual-material design and includes different back materials such as wood. The bottom is also fully enclosed, unlike the Thin case. It too has a wrist strap anchor and support for the M-Series lens mount.

Both cases support MagSafe and include integrated magnets in the cases themselves. They have six feet of drop protection, a lifetime warranty, and include the lens mounting interface in the box.

these will run $49.99.

Moment Tripod mounts

Outside of cases, we have the Moment Tripod mounts for MagSafe. There are two distinct models, a standard model and a pro model that includes a cold shoe mount for connecting accessories like lights and microphones.

Moment Tripod Mounts

Moment MagSafe tripod mounts

This securely attaches to the back of any iPhone 12 model via MagSafe and includes extra-strong magnets to create an even better drop. Something Moment calls its (M) Force magnet array.

It works with or without a case and works in either portrait or landscape orientations. Moment’s Tripod and Pro Tripod can mount to any 1/4″-20 tripod, are made from solid aluminum, and have padded contact points to protect your phone.

The Moment Tripod Mount and Moment Pro Tripod Mount run $39.99 and $49.99 respectively.

Cold shoe mount

The Moment Cold Shoe Mount is a great way to mount various accessories to the back of an iPhone 12. It has a slim aluminum construction, a padded contact point to the back of the phone, and extra-strong (M) Force magnets.

Moment MagSafe Cold Shoe mount

Moment MagSafe Cold Shoe mount

Many photography and videography accessories rely on a cold shoe to mount and now this feature comes to iPhone without the need for a clamp or additional grip. Perfect for microphones, lights, and more.

This retails for $29.99.

More mounts

Moment is also introducing other universal mounts.

Moment MagSafe mounts

Moment MagSafe Mounts

There is the Moment Multi Threaded Mount, also known as a cheese plate, which has four 1/4″-20 female threads as well as two 3/8-inch female threads. Use this to connect tripods, arms, rigs, ballheads, and more to your iPhone. It is priced at $29.99.

Finally, Moment has a 3M adhesive mount that can go onto your desk, monitor, dash, wall, et cetera. It has a countersunk hole for mounting with a screw as well. For in the car, there is the Moment Car Vent Mount. This has a vent clip on the back and a very slim design.

The Moment Car Vent Mount runs $29.99 and the wall mount is $19.99.