In the year following the 2021 Colonial Pipeline incident, John Miller and Ryan Smith explain why, despite the widespread implementation of security tools, ransomware is still growing at a high rate.
It’s an odd dichotomy. Seventy-eight percent of companies responding to a recent survey said they plan to increase their investments in cybersecurity in the next 12 months. But at the same time, ransomware damage is expected to exceed $30 billion worldwide by 2023.
Frustrated, Miller and Smith — veterans of companies later acquired by BlackBerry and Optiv, as well as cyber defense contractor Bolden — founded the cybersecurity startup Halcyon. They say it helps stop ransomware from causing damage while enabling companies to reduce their overall recovery time.
It’s a message that seems to resonate with VCs.
Halcyon today announced participation in a $44 million Series A funding round led by SYN Ventures and Corner Ventures with Dell Technologies Capital. The new cash and loan will be used to strengthen the company’s engineering and R&D department and its ongoing sales and marketing offering, Miller said.
“We look at our product as unique because we don’t have direct competitors, and we want to improve other security tools used by our customers,” said Miller, who serves as CEO. “We first assume that all layers of security, including our own, fail at some point. That’s why we focus on building products with resilience in mind.”
Miller can claim that Halcyon is without direct competitors. But the cybersecurity space — which has seen funding fall steadily, with deals hitting a two-year low in the most recent fiscal quarter, according to Crunchbase — is flooded with vendors. The financial crisis threatens to raise the temperature even more.
But Miller sees Patience as a Halcyon market-beater.
For one, the platform taps AI, trained on a dataset of millions of real-world ransomware incidents, to identify “malicious intent.” This is in contrast to the static, rules-based scanning programs used by some cybersecurity platforms, Miller says.
“Security companies import millions of samples, markers and artifacts from various sources to build search engine models,” he said. “We set out to avoid contaminating our models with data unrelated to ransomware campaigns or broken samples that typically come from public malware repositories.”
Halcyon tries to detect and block known bad actors, such as off-the-shelf raw ransomware, and to pass unknown but suspicious actors on to additional “layers of defense.” In addition, the platform attempts to “fool” an attack using features hardcoded into the ransomware software itself, using code spoofing techniques.
Another unique component of Halcyon is a “resilience layer” that kicks in if the platform’s detection and defense layers fail. According to Miller, the resilience layer captures the encryption keys generated during the attack, giving IT and security teams a way to automatically decrypt affected endpoints and rendering the attack futile.
Typically, during a ransomware attack, attackers encrypt various endpoints on a network (laptops, for example) and demand a ransom to decrypt them. Halcyon’s approach seems like a smart way to combat this. That is, of course, assuming it works exactly as Miller says.
Regardless, Halcyon has attracted a lot of attention from investors, having raised a total of $50 million since 2020, including Series A Miller. with the bank — but that Halcyon says has “improved its banking relationship” to better manage risk.
With a client base of around 51 companies, Halcyon plans to increase its workforce size from 75 people to 100 by the end of the year. In terms of product, Miller said Halcyon will launch a data extraction tool to stop the “double-spoofing” techniques commonly used by ransomware groups today, as well as support for additional operating systems, including Linux and Mac.
Such attacks, commonly known as double extortion, often involve hackers trying to encrypt sensitive data and then either publish it on the dark web or sell it to the highest bidder.
“With the growth of ransomware operations and the economy that supports them, it’s easier and cheaper than ever to gain access to credentials and systems,” Miller said. “Products that don’t start with a proactive approach to resilience will create greater risks for the business and higher cyber insurance premiums that impact every aspect of the organization.”
Miller would not disclose Halcyon’s earnings when asked, and when asked why the company took on debt in the near term, he said only that it was for “flexibility.” But if surveys are anything to go by, demand for Halcyon’s product isn’t slowing down anytime soon, which could be good news for the bottom line.
A study by CyberCatch found that 75% of companies cannot survive a ransomware attack. Another poll, this one by Mimecast, shows that 47% of companies have been successfully attacked by ransomware.
Considering they come from suppliers, is there an element of fearmongering in those numbers? Perhaps. But fear sells, it’s true.