Welcome to the Halcyon Threat Research Incentive Program (TRIP)
Our Mission: Eradicate Ransomware Together.
Modern defensive cyber solutions, while impressive, have failed in the face of cheap and easy-to-create – and most importantly lucrative – ransomware. High-profile breaches are disguising an ugly fact; the companies using next-generation NGAV and EPP solutions continue to be impacted by ransomware.
Halcyon has built the first anti-ransomware engine to tackle this problem. Our team has spent decades building name-brand security products and delivering security consulting to much of the Fortune 500.
Program Goals
What Does Halcyon
Want From You?
We want original, high-confidence research
that can help us:
- Improve detections and behavioral models
- Expand visibility into attacker infrastructure
- Disrupt operations of the ransomware economy
Example Submissions
Program Reward Tiers
Halcyon believes your hard work deserves to be rewarded. To that end, we are committing
up to $250,000 to reward payouts to researchers who provide valuable intelligence that gets us closer to eradicating ransomware and those who carry out the attacks.
We reward high-quality, novel threat intelligence related to ransomware operations. Payout tiers and amounts* are outlined below
Up to $10,000 per accepted submission
For novel access** or details on:
Ransomware-as-a-Service (RaaS) platform panels
Initial access broker panels
Ransomware private keys
Source code to ransomware builders/panels/tooling
Human-attributable information on ransomware groups, affiliate attackers, or other key players
Up to $5,000 per accepted submission
For novel access** or details on:
Attacker tooling
- Binary copies of encryptors/decryptors
- Infrastructure access
- Privilege escalation/evasion techniques (DLL sideloading)
- Security bypasses (specific vulnerable drivers)
Victim information in US/EMEA/LATAM
Up to $3,000 per accepted submission
For novel access** or details on:
Droppers, loaders, packers, and other tooling related to ransomware attacks
Victim information in developing nations
Up to $1,000 per accepted submission
For novel details on:
Indicators of compromise (IOCs) - IPs, DNS of data exfil infrastructure, etc…
Online identify information - usernames and chat history of threat actors from private chats
Submission Criteria:
To qualify for any payout:
- All data must be non-public and not centrally sourced (e.g., not available on VirusTotal, ReversingLabs, Joe’s Sandbox, Any.Run, threat actor .onion blog information, posts on social media, etc.)
- Submissions must relate to established ransomware threat actor groups or groups with members from such entities
- Threat actors must target commercial businesses in US/EMEA/LATAM regions (no lone-wolf or individual-targeting actors)
- Tooling must be from in-the-wild sources used in active campaigns
- Submitters should be prepared to discuss and validate their data
- Payout amounts are subject to change without notice
** "Novel access" refers to non-public, non-centrally sourced data
Why Researchers Should Participate:
- You’re already doing the work—now get recognized and rewarded
- Your research could stop a real-world ransomware attack
- Halcyon is serious about response—we don’t just collect intel; we act on it
- You’ll be part of a trusted global network of researchers fighting back
- Collaborate with Halcyon ransomware experts to benefit the entire community
Let’s Eradicate Ransomware Together
We're not just here to detect ransomware but to end it. And that starts with you.