Patents Assigned to Halcyon Tech, Inc.
-
Patent number: 12277251Abstract: Information characterizing a security event is received from an agent executing on an endpoint computing device. The received information identifies a plurality of files encrypted as part of a ransomware attack and key material used when encrypting each of the files. Based on the received information, a surveyor package is generated which includes decryptor logic to decrypt at least a portion of the files. The surveyor package is deployed to the agent so that it can be unpacked and executed to decrypt at least a portion of the files. Once these files are decrypted, then can be transported to a safe computing environment Related apparatus, systems, techniques and articles are also described.Type: GrantFiled: November 14, 2024Date of Patent: April 15, 2025Assignee: Halcyon Tech, Inc.Inventors: Alejandro Espinoza, Robert Bushner, Matthew Gosline, Kristen Lamb, Seagen Levites, Clark Lindsey, Jonathan Miller, Ryan Smith, Vu Ta
-
Patent number: 12271476Abstract: Data is received that comprises or characterizes an executable and dynamic linked library (DLL). Features are then extracted from the executable and DLL. The extracted features are input into at least one machine learning model to generate a suspiciousness score. The machine learning model can be trained to determine whether the executable file comprises ransomware. An execution chain of trust score for the executable and DLL can later be determined based on the extracted features and the suspiciousness score. This execution chain of trust score for the executable and DLL characterizes one or more associated parent processes. This suspiciousness score and the execution chain of trust score can be used to determine whether or not to initiate one or more ransomware countermeasures. Related apparatus, systems, techniques and articles are also described.Type: GrantFiled: February 16, 2023Date of Patent: April 8, 2025Assignee: Halcyon Tech, Inc.Inventors: Ryan Smith, Jonathan Miller
-
Patent number: 12229261Abstract: A notification message is received indicating an upload of a file to a cloud service. An analysis engine (which can execute one or more machine learning models or other analysis operations) can generate information that characterizes the file which can be indicative of a level of trustworthiness for the file. In response to the generated information, each of a plurality of judges are notified to commence or revisit a judging process. In response to the notifications, the judges (which can execute one or more machine learning models or other analysis operations) retrieve the generated information and determine a respective trustworthiness score for the file. These scores can be stored in a corresponding judge database and/or data can be provided which characterizes the determined trustworthiness scores to a consuming application or process. Related apparatus, systems, techniques and articles are also described.Type: GrantFiled: May 3, 2024Date of Patent: February 18, 2025Assignee: Halcyon Tech, Inc.Inventors: Robert Bushner, Alejandro Espinoza, Srinivasa Kanamatha, Kristen Lamb, Thanh Le, Seagen Levites, Clark Lindsey, Jorge Medina, Jonathan Miller, Ryan Smith, Vu Ta, Kyle West
-
Patent number: 12189755Abstract: A program identity of an unknown binary is inferred in response to a trigger (e.g., a request to access or execute the unknown binary, etc.). One or more authentication factors are then executed to authenticate the inferred program identity of the unknown binary as being one of a plurality of different programs. The program can be selectively provided with access to system resources and/or sensitive operations can be limited based on a program nature of the authenticated program identity. In some variations, the authentication factors cause a modified authentication workflow in which a human user provides input as to whether or not to authenticate the inferred program identity.Type: GrantFiled: April 22, 2024Date of Patent: January 7, 2025Assignee: Halcyon Tech, Inc.Inventors: Remy Baumgarten, Robert Bushner, Alejandro Espinoza, Kristen Lamb, Seagen Levites, Clark Lindsey, Jonathan Miller, Ryan Smith
-
Patent number: 12130914Abstract: Applications and processes executing on an endpoint are monitored to identify behavior indicative of malicious activity such as a ransomware attack. Messages generated from this monitoring as well as messages derived from external sources are stored in a queue for routing. A router selects some messages from the queue based on a routing policy and sends them to a cloud-based platform that can initiate various actions based on received messages. The router also sends some messages from the queue to a module that analyzes the messages and reduces their size by aggregating, correlating, and detecting relevant information. The module puts the modified messages back into the queue for further routing by the router according to the policy. Related apparatus, systems, techniques and articles are also described.Type: GrantFiled: June 14, 2024Date of Patent: October 29, 2024Assignee: Halcyon Tech, Inc.Inventors: Robert Bushner, Alejandro Espinoza, Kristen Lamb, Seagen Levites, Clark Lindsey, Jonathan Miller, Peter Morgan, Michael Mullin, Ryan Smith, Vu Ta, Seva Tonkonoh, Timothy West