How Halcyon Works Across the Ransomware Attack Chain

Learn how we disrupt attackers' actions across the entire attack chain, from initial access to encryption, making it nearly impossible for them to demand a ransom and inflict long-lasting damage to your organization.

Ransomware is More Than You Think.
It’s not just malware or a single executable.

1. Let’s Dispel Some Ransomware Fallacies

Ransomware isn’t as simple as a file or a label. It is not a specific malware classification. It is not just an executable encrypting files. It is not a single type of detection or alert. It’s a coordinated attack strategy, involving multiple stages, actors, and tools.

2. Ransomware Has Become an Ecosystem

It’s not a lone hacker in a hoodie. Modern ransomware operations run like businesses, complete with Initial Access Brokers, RaaS operators, affiliates, developers, and even pen testers. Each player has a role, and each role profits from your vulnerability.

3. One Executable? Try an Entire Playbook.

Ransomware is not a singular tool or a one-time event. It has evolved into a coordinated, systematic, multi-stage campaign. From initial access to lateral movement, encryption, and extortion — every step is planned, executed, and profit-driven.

How it Works Across the Attack Chain

Halcyon maps its capabilities to each stage of the ransomware attack chain: initial access, remote access, privilege escalation, environment enumeration, credential harvesting, lateral movement, security bypass, data exfiltration, backup destruction, and data encryption.

INITIAL ACCESS
Halcyon detects when attackers use malicious executables, brute force attempts, or command and control (C2) infrastructure to access your environment.
Capabilities: PREVENTION, DXP

REMOTE ACCESS
After gaining initial access, attackers typically use remote access tools to carry out their attacks more effectively. Halcyon detects this activity, creating alerts for immediate investigation.
Capabilities: PREVENTION, DXP

PRIVILEGE ESCALATION
Halcyon alerts on and interrupts an attacker's attempt to escalate user privileges using malicious executables or vulnerable kernel drivers.
Capabilities: PREVENTION, KERNEL GUARD

ENVIRONMENT ENUMERATION
Halcyon identifies when an attacker attempts to enumerate your environment for reconnaissance and intelligence gathering intended to make the attack more effective.
Capabilities: PREVENTION

CREDENTIAL HARVESTING
Halcyon understands the methods attackers use to harvest valid user credentials, detecting and preventing those actions automatically.
Capabilities: PREVENTION

LATERAL MOVEMENT
Halcyon detects and prevents attackers' attempts to move laterally across your environment. For example, when an attacker uses an RMM tool to try to connect to other machines in the environment, Halcyon can halt their progression.
Capabilities: PREVENTION

SECURITY BYPASS
Halcyon employs unique features such as EDR Last Gasp and Tamper Guard to protect against attackers' attempts to bypass and disable security products in real time.
Capabilities: LAST GASP, TAMPER GUARD

DATA EXFILTRATION
Halcyon Data Exfiltration Protection (DXP) acts as an early warning system, alerting you to an attacker's attempt to steal your data that has yet to be caught by other security tools.
Capabilities: DXP

BACKUP DESTRUCTION
Halcyon can detect and disrupt an attacker attempting to gain initial access into your environment using malicious executables, brute force attacks, or command and control (C2) infrastructure.
Capabilities: BEHAVIORAL, DXP

DATA ENCRYPTION
Halcyon's ability to decrypt data using captured key material provides an alternative recovery path if data is encrypted during a ransomware event.
Capabilities: BEHAVIORAL, KEY CAPTURE

Putting the Platform to Work for You

Quickly deploy the Halcyon agent across your organization. Understanding how it works is as simple as 1-2-3.

Deploying Agents Across Your Environment

You can install our lightweight agent on any endpoint or server running Windows or Linux using your favorite deployment tool.

Once deployed and registered, we monitor the agents' health and autonomously protect them from tampering attempts.

Execution Protection Modes: Detection Mode

We designed our agent to protect your assets from day one. Part of that protection comes from learning about your environment.

Over a brief period, we learn what is expected in your environment and ensure no legitimate tools or custom applications trigger alerts. This short but essential part of the deployment phase results in high-fidelity ransomware alerts.

Execution Protection Modes: Prevention Mode

Now that we know your environment intimately, we move into prevention mode.

While many organizations move into full prevention mode where all malicious files, processes, and applications are blocked automatically, some organizations leave critical assets in detection mode, where we alert, but do not automatically block anything. Ultimately the choice is yours.

Monitor + Respond with Halcyon RDR

Whether your assets are in detection or prevention mode, Halcyon RDR actively triages every alert generated in the platform.

The Halcyon team will quickly notify you or your third-party security service provider of any active attacks and the steps required to evict them. With this service running 24/7/365 and included at no additional cost, your ability to protect your organization from a ransomware attack immediately skyrockets.

Reduce recovery time from days or weeks to hours

While no fully protected customer has experienced a widespread ransomware attack, we know it’s possible. If it happens, we will work to get you back to a pre-attack state quickly, evicting the attacker and ensuring all your assets are fully protected as part of the Halcyon Ransomware Warranty - included with the platform at no additional cost.

With Halcyon, You Can:

ERADICATE RANSOMWARE
Defeat ransomware without adding resources or complexity to your environment.
ELIMINATE IMPACTS
Avoid costly downtime and reputational damage that often follows a widespread ransomware event.
REDUCE RISKS
Eliminate the worry that an expensive ransom attack could impact your bottom line.

Schedule a Halcyon Demo Today

Want to stop ransomware, recover from attacks without backups, and prevent data extortion? Connect with a Halcyon ransomware expert!

Get a 20-minute LIVE ransomware prevention demonstration.
Learn how Halcyon eliminates the business downtime risks from an attack.
See how Halcyon stops data extortion attacks and data exfiltration.
Discover why ransomware protection goes beyond traditional endpoint controls.