Black Hat USA: Halcyon and Sophos tag-team ransomware fightback
Cyber security specialists Halcyon and Sophos have teamed up to develop a new threat intelligence sharing joint venture that will see the two companies swap data on critical metrics such as indicators of compromise (IoCs), known adversary behaviours, and attack patterns.
Announced at the annual Black Hat USA event in Las Vegas, the partnership will see two of the most experienced teams working today to tackle the ransomware threat pool their resources in the service of helping speed up detection, improve protection, and enhance response capabilities.
“Ransomware tools and tactics are evolving constantly, and the best defence is timely, relevant intelligence that enables defenders to act quickly and with confidence,” said Simon Reed, chief research and scientific officer at Sophos.
“By sharing insights with Halcyon, we’re improving signal fidelity and accelerating detection across our systems, which strengthens protection for all the organisations we serve.”
Halcyon CEO and co-founder Jon Miller added: “Halcyon is honoured to partner with Sophos. Over the past four years, based on our telemetry, Sophos has time and time again proven to be one of the most effective endpoint protection platforms we have encountered, reliably performing and disrupting attackers at a level that simply outperforms the majority of the players in the next-generation antivirus and endpoint detection and response (EDR) space.
“Their commitment to innovate and roll out industry-leading and unique features continues to put their customers at an everyday advantage over the most sophisticated attacks affecting enterprises today.”
Expanding operations
The tie-up follows Halcyon’s establishment of a community-centric Ransomware Research Centre, as well as Sophos’ recent acquisition of its own threat hunting capabilities through its purchase of Secureworks.
From a technological perspective, the duo said the partnership will better inform each party’s products, including Sophos Endpoint, Managed Detection and Response (MDR) and XDR, and Halcyon’s Anti-Ransomware Platform.
More broadly, Sophos said the collaboration would enhance its own strategy to extend the reach and speed of its threat intel response through partnerships. Its X-Ops cross-functional unit will be working closely with Halcyon’s research and engineering team to share ransomware insights across various attack surfaces, and turn these into operational benefits.
No fiddling please
As a sidenote, Halcyon and Sophos are also planning to implement mutual anti-tampering protections in their platforms that enable each party to monitor and safeguard the other’s agents when active in customer environments.
The logic behind this is to ensure that joint customers, where they exist, not only benefit from added resilience and reduce the risk of ransomware interfering with their defences, but also preserve, and even enhance, the integrity of their wider cyber security strategies.
Malicious quartile
Meanwhile, Halcyon this week released its quarterly Malicious Quartile ransomware report covering the second calendar quarter to the end of June 2025.
The report explores a number of developments in the ransomware ecosystem, notably the growing profile of the Akira cyber crime gang, which has become a leading actor thanks to its high operational tempo, adaptive nature, and strategic targeting of victims. Also on the rise is the increasingly disciplined and ‘mature’ SafePay gang, which made headlines in the IT channel in July after an audacious attack on the systems of sector mainstay, tech distributor Ingram Micro.
Halcyon also found that the so-called Bring-Your-Own-Vulnerable-Driver (BYOVD) technique, whereby ransomware gangs introduce their own legitimate, signed drivers with known vulnerabilities into target systems in order to gain unauthorised kernel-level access, is now becoming a key attack vector.
And it highlighted a broader trend, observed by others over the past year and continuing to gain in scale, of ransomware gangs bypassing encryption lockers and moving to a pure data theft and extortion model.
Such attacks leave IT systems relatively intact and require less technical work on the part of the cyber criminals, but for victims this hardly counts as a blessing.
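The detection angle on BYOVD is that the malicious driver carries a valid signature, so a "is it signed?" check passes and defenders have to match the driver's hash against a list of known-vulnerable drivers instead. The script below is an added example, not code from the article, Halcyon or Sophos. It assumes driver-load telemetry in a flattened key=value form modelled on Sysmon Event ID 6 (DriverLoad) fields; the log lines and the blocklist hashes are constructed placeholders, and in practice the blocklist would come from a maintained source such as Microsoft's vulnerable driver blocklist.

```python
"""Hunt for vulnerable-driver (BYOVD) loads in Sysmon-style DriverLoad records.

Added example: not part of the article, nor Halcyon/Sophos tooling.
Record format and hashes are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed blocklist: SHA256 -> note. These are NOT real driver hashes;
# a real deployment would load Microsoft's vulnerable driver blocklist or a
# similar curated list here.
VULNERABLE_DRIVER_SHA256: Dict[str, str] = {
    "a" * 64: "placeholder entry: signed driver with known privilege-escalation bug",
    "b" * 64: "placeholder entry: signed driver with known arbitrary kernel write",
}


@dataclass
class DriverLoad:
    image: str
    sha256: str
    signed: bool
    signature_status: str  # Sysmon SignatureStatus, e.g. "Valid"
    signature: str         # signer name as reported by Sysmon


@dataclass
class Finding:
    image: str
    reason: str


def parse_driverload(line: str) -> DriverLoad:
    """Parse one flattened 'Key=Value|Key=Value' record (constructed layout
    mirroring the EID 6 field names, not the real XML)."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    hashes = dict(h.split("=", 1) for h in fields.get("Hashes", "").split(",") if "=" in h)
    return DriverLoad(
        image=fields["ImageLoaded"],
        sha256=hashes.get("SHA256", "").lower(),
        signed=fields.get("Signed", "false").lower() == "true",
        signature_status=fields.get("SignatureStatus", ""),
        signature=fields.get("Signature", ""),
    )


def assess(load: DriverLoad) -> Optional[Finding]:
    """Return a Finding for suspicious loads, else None.

    Order matters: the blocklist check comes first because a BYOVD driver is
    validly signed and would sail through the signature check below."""
    note = VULNERABLE_DRIVER_SHA256.get(load.sha256)
    if note is not None:
        return Finding(load.image, f"hash on vulnerable-driver blocklist ({note})")
    if not load.signed or load.signature_status != "Valid":
        return Finding(load.image, f"driver not validly signed ({load.signature_status or 'unsigned'})")
    return None


def hunt(lines: List[str]) -> List[Finding]:
    """Run assess() over every non-empty record and collect the findings."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        finding = assess(parse_driverload(line))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample telemetry: a benign signed driver, a validly signed driver
# whose hash is on the blocklist (the BYOVD case), and an unsigned driver.
SAMPLE_EVENTS = [
    r"ImageLoaded=C:\Windows\System32\drivers\disk.sys|Hashes=SHA1=" + "1" * 40 + ",SHA256=" + "c" * 64
    + r"|Signed=true|SignatureStatus=Valid|Signature=Example OS Vendor (constructed)",
    r"ImageLoaded=C:\Windows\Temp\vuln.sys|Hashes=SHA256=" + "a" * 64
    + r"|Signed=true|SignatureStatus=Valid|Signature=Example Hardware Vendor (constructed)",
    r"ImageLoaded=C:\Users\Public\drop.sys|Hashes=SHA256=" + "d" * 64
    + r"|Signed=false|SignatureStatus=Unavailable|Signature=",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"ALERT {f.image}: {f.reason}")
```

Run as-is it reports the blocklisted `vuln.sys` load and the unsigned `drop.sys` load, and stays silent on `disk.sys`. The second record is the one that matters for BYOVD: its signature is valid, so only the hash match catches it, which is why driver-load telemetry needs to carry hashes and not just the signer name.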