Halcyon AI: ‘Attacker Led’ Ransomware Protection and Recovery | Cisco Investments

Prasad Parthasarathi

Ransomware remains one of the biggest threats to enterprises around the world. Consider the following statistics from just last year, according to the FBI’s Internet Crime Complaint Center:

  • Total Losses: The total losses due to ransomware in 2023 exceeded $10.3 billion, including ransom payments and related costs like downtime, recovery, and lost business opportunities.

  • Number of Incidents: There were over 2,385 reported ransomware incidents in 2023, affecting various sectors including critical infrastructure, healthcare, education, and business services.

  • Ransom Payments: The average ransom payment saw a significant increase, with many organizations paying over $1 million to recover their data. The rise in ransom amounts reflects the increasing sophistication and demands of ransomware groups.

At more than $10.3 billion, total losses in 2023 exceeded the GDP of roughly 30 different countries, including the Maldives, Montenegro, Barbados, and Fiji, to name a few.

“The largest problem we’re facing now with ransomware is that attackers are willing to break your systems for you to pay them off,” says Jon Miller, founder and CEO of Halcyon. “It isn’t about stealing data or espionage. It’s about the money.”

Halcyon was founded in 2021 with a singular mission: build an end-to-end and bespoke ransomware readiness, prevention and recovery platform. 

Miller, the company’s visionary, brings two decades of an offensive security/attacker mindset to this unsolved and crippling security pain-point. Starting as a penetration tester, Miller transitioned into an offensive security research role and was a pivotal contributor to the development of anti-virus software aimed at countering terrorism for the Federal government.

The turning point came when a high-profile ransomware attack crippled a major piece of infrastructure, leading Miller to recognize ransomware as the most significant threat in the IT landscape. 

The explosion in ransomware attacks, and customers being forced to pay extortionists to recover data, has long been a priority for us. Halcyon’s path-breaking platform, which leverages AI micro-models to identify and prevent ransomware attacks, represents a robust response to an endemic problem. Cisco’s AI strategy revolves around 5 pillars to connect and protect the AI movement. One of those is ‘Security for AI, AI for security.’ To put it simply, AI-powered threats require AI-powered defenses. Halcyon is a welcome addition to our investment portfolio, and the latest investment out of our Global AI Investment Fund, announced earlier this year.

Leveraging Artificial Intelligence

For Miller, successfully attacking ransomware meant approaching it in an entirely new way.

“Everyone focuses on a component where ransomware is involved,” Miller explains. “Phishing emails are a good example. Where Halcyon is different, is we’re looking at the ransomware itself, the attackers’ tactics, techniques and growth. Then we’re putting as many obstacles in their way as we can to break their leverage, which is most often downtime.”

Halcyon accomplishes this by employing specialized AI micro-models designed to identify the unique characteristics and behaviors of ransomware attacks. These models enable their solution to detect early indicators on a system before a ransomware attack fully manifests. By identifying these early signs, Halcyon can launch preventative actions, such as initiating backups, to mitigate the impact of ransomware.

However, Halcyon recognizes that AI isn’t a perfect solution. To ensure a robust and reliable threat detection system, Halcyon integrates AI with other methods of threat detection and response, such as behavioral analysis and rule-based detection. This multi-faceted approach allows Halcyon to go beyond traditional endpoint security, ensuring quick recovery from ransomware attacks. Additionally, their keyless decryption capability allows them to recover encrypted data even after an attack, providing a comprehensive defense against ransomware.

Looking Ahead

Turning to the future, Halcyon looks to expand their ransomware protection to include cloud and mobile platforms, driven by a long-term commitment to innovation and agility. By maintaining an attacker-driven approach, they aim to continuously adapt and enhance their solutions, providing comprehensive and effective ransomware defense for decades to come. To beat the attacker, you need to think and act like an attacker. With this philosophy, Jon and his team are poised to usher in a Halcyonic era for Cybersecurity.