Halcyon secures major investment to defend against ransomware

by Ana Lopez

After the 2021 Colonial Pipeline incident, Jon Miller and Ryan Smith wondered why, with the widespread adoption of security tools, ransomware was still growing exponentially.

It’s a strange dichotomy. Seventy-eight percent of companies responding to a recent questionnaire said they plan to increase their investments in cybersecurity in the next 12 months. But at the same time, ransomware damage is expected to exceed $30 billion globally by 2023.

Frustrated with the status quo, Miller and Smith – veterans of Blackberry and Optiv, as well as cyber defense contractor Boldend – founded the cybersecurity startup Halcyon. They claim it can help prevent ransomware from causing harm, while helping businesses reduce overall recovery times.

It’s a message that seemingly resonates with VCs.

Halcyon announced today that it has raised $44 million in a Series A financing round (plus $6 million in debt) led by SYN Ventures and Corner Ventures, with participation from Dell Technologies Capital. The new money and loan, Miller said, will be used to strengthen the company’s engineering and R&D departments and bolster its continued sales and marketing outreach.

“We consider our product unique in that we have no direct competitors, and in fact we want to improve other security tools used by our customers,” said Miller, who serves as CEO. “We first assume that all layers of security will fail at some point, including ours. So we focused on building a product with resilience in mind.”

Miller could argue that Halcyon has no direct competitors. But the cybersecurity space – which has seen funding fall consistently, with dealmaking hitting a two-year low in the most recent fiscal quarter, according to Crunchbase – is overflowing with suppliers. The financial crisis threatens to turn the heat even higher.

But Miller patiently explains what he sees as Halcyon’s differentiators that beat the market.

First, the platform uses AI to spot “malicious intent,” trained on a dataset of millions of real-world ransomware events. That’s in contrast to the static, rule-based detection schemes that some cybersecurity platforms use, Miller says.

“To build detection engine models, security companies will incorporate millions of samples, indicators and artifacts from various sources,” he added. or broken samples, such as those usually pulled from public malware repositories.”

Halcyon attempts to detect and block known bad executables, such as ready-to-use commodity ransomware, and pass unknown but suspicious executables to additional “layers of protection” for further analysis. Furthermore, the platform attempts to “trick” ransomware into aborting or revealing an attack by using functions hard-coded within the ransomware software itself – activating code via deception techniques.

Halcyon’s other unique feature is a “resilience layer” that kicks in when the platform’s detection and prevention layers fail. As Miller describes it, the resilience layer captures the encryption keys generated during the attack, giving IT and security teams a way to automatically decrypt the affected endpoints, rendering the attack useless.

Typically, during a ransomware attack, attackers encrypt various endpoints on a network, such as laptops, and demand a ransom in exchange for decryption. Halcyon’s approach sounds like a smart way to counter this. Of course, that’s assuming it works as well as Miller says.


Halcyon’s platform uses AI to try to detect and block ransomware. Image Credits: Halcyon

In any event, Halcyon has attracted significant interest from investors, raising a total of $50 million since 2020 including the Series A. Miller says business was momentarily impacted by the collapse of Silicon Valley Bank – Halcyon was a corporate credit card and loan customer with the bank – but that Halcyon has since “diversified its banking relationships” to better manage risk.

With a customer base of about 51 companies, Halcyon plans to grow its workforce from 75 to about 100 by the end of the year. On the product side, Miller says Halcyon will launch a data exfiltration tool to reduce the “double extortion” techniques commonly used by ransomware groups today, as well as support for additional operating systems, including Linux and Mac.

Double extortion attacks usually involve hackers threatening to encrypt sensitive data and publish it on the dark web or sell it to the highest bidder.

“With the growth of ransomware operations and the economics that support them, it is easier and cheaper than ever before to access credentials and systems,” said Miller. “Products that don’t start with an approach that prioritizes resilience will lead to more risk for the business and higher cyber insurance premiums impacting all aspects of the organization.”

Miller, when asked, would not reveal Halcyon’s earnings, and when asked why the company went into debt, he said only that it was for short-term “flexibility”. But based on surveys, demand for Halcyon’s product isn’t likely to slow down any time soon – which could be good news for the company’s bottom line.

A questionnaire from CyberCatch found that 75% of businesses could not survive a ransomware attack. Another poll, this one by Mimecast, shows that 47% of businesses have been successfully attacked by ransomware.

When you consider that they come from sellers, is there an element of fear mongering in those numbers? Maybe. But fear does sell, that’s true.
