Halcyon Tech Inc., a startup using capsule neural networks to fend off ransomware attacks, today announced that it has closed a $100 million Series C round.

Evolution Equity Partners led the investment. It was joined by Bain Capital Ventures, Dropbox Ventures and other institutional investors, including several of Halcyon’s existing backers. The Austin-based software maker is now worth $1 billion.

Halcyon sells a platform that detects ransomware using artificial intelligence models based on the CapsNet, or capsule neural network, architecture. It’s a relatively new approach to building AI models that was introduced in 2017 by a team that included Geoffrey Hinton. CapsNet algorithms use a different set of mathematical operations to process input than other AI models, which makes them better at finding certain types of patterns in data.

The company says its AI models were trained on millions of ransomware-related data points. That repository includes, among other items, information about the breach tactics used in ransomware campaigns. Halcyon also gives its AI models access to malicious files spotted by its customers.

In addition to encrypting the victim’s files, many ransomware strands send a copy of the data to hacker-controlled servers. The hackers then threaten to make the data public unless a ransom is paid. According to Halcyon, its platform can spot ransomware by detecting when it attempts to move files out of an organization’s network. 

Halcyon also uses other methods to spot malicious activity. The platform monitors for common breach indicators, including attempts to delete and rename files on employee devices. It collects data about such incidents using an agent, or lightweight program, that it installs on every endpoint a company wishes to protect.

In some cases, ransomware strands attempt to avoid detection by disabling the targeted system’s cybersecurity software. Halcyon has built an “endpoint armoring” feature that promises to prevent hackers from compromising breach prevention applications. For added measure, the company’s platform can sync the data it collects about ransomware campaigns to a company’s other threat detection tools. 

It’s not always possible to detect ransomware before it encrypts an organization’s files. To reduce data loss, Halcyon provides a feature that can extract the cryptographic key with which ransomware performs encryption. Having the key makes it considerably easier to decrypt compromised files: It’s promising recovery times of a few hours instead of the days or months usually required for the task.

“Ransomware victims paid over $1 billion in 2023 just to regain access to their own data and assets,” said Bain Capital Ventures partner Enrique Salem. “One in every 10 organizations worldwide have been affected by ransomware and Halcyon’s unique technology is proven to prevent ransom payments and data loss to criminals.”

Halcyon will use the proceeds from its latest funding round to enhance its technology and acquire more customers.

Image: Halcyon