Welcome to the Halcyon Threat Research Incentive Program (TRIP)

Our Mission: Eradicate Ransomware Together.

Modern defensive cyber solutions, while impressive, have failed in the face of cheap and easy-to-create – and most importantly lucrative – ransomware. High-profile breaches are disguising an ugly fact; the companies using next-generation NGAV and EPP solutions continue to be impacted by ransomware.

Halcyon has built the first anti-ransomware engine to tackle this problem. Our team has spent decades building name-brand security products and delivering security consulting to much of the Fortune 500.

Submit

Program Goals

ACCELERATE

Accelerate ransomware variant detection by sourcing novel intel from trusted researchers.

REWARD

Reward researchers fairly for their technical contributions to ransomware defense.

BUILD

Build a global alliance of Halcyon defenders focused on defeating ransomware at scale.

CREATE

Create a trusted pipeline of community-driven threat research and intelligence.

What Does Halcyon
Want From You?

We want original, high-confidence
research that can help us:

Improve detections and behavioral models
Expand visibility into attacker infrastructure
Disrupt operations of the ransomware economy

Example Submissions

New or unknown malware/C2/ransomware actors (including entire chain, delivery, and execution)

Significant variant analysis (e.g., repacked, modular evolutions)

Infrastructure and toolset analysis (e.g., C2 networks, loaders, crypters)

In-depth TTP mapping or evasion strategies

Unique IOCs or behavioral signals

Infostealer backend access or exports

Gootloader panel access or exports

RaaS panel access or exports

Command and Control (C2) panel access or exports such as Cobalt Strike, Brute Ratel, PoshC2, Sliver, Covenant, NightHawk, and SilentTrinity

Data that establishes links between RaaS and APT groups

Program Reward Tiers

Halcyon believes your hard work deserves to be rewarded. To that end, we are committing
up to $250,000 to reward payouts to researchers who provide valuable intelligence that gets us closer to eradicating ransomware and those who carry out the attacks.

Payout Tiers and amounts* are shown below:

TIER 1

Novel details on ransomware groups, RaaS platforms, affiliate attackers, initial access brokers, and other key players in ransomware operations will be rewarded up to $10,000 per accepted submission

TIER 2

Novel details on attacker tooling, infrastructure, evasion techniques, and other TTPs will be rewarded up to $5,000 per accepted submission.

TIER 3

Novel details on droppers, loaders, packers, and other tooling will be rewarded up to $3,000 per accepted submission.

TIER 4

Novel details on indicators of compromise (IOCs) or behavior chains will be rewarded up to $1,000 per accepted submission.

*Payout amounts are subject to change without notice

We respect your work—and we pay fast. Every vetted submission that meets our criteria earns a tangible reward, not just “credit.”

Payment Requirement

Keeping It Clean:

No payments to individuals affiliated with ransomware groups, extortion groups, or on OFAC list.
All researchers must affirm sourcing and independent status
A dedicated Halcyon vetting team reviews and approves submissions
Payouts go through traceable, compliant channels only

We take this seriously. We’re building a program that respects your work and maintains Halcyon’s mission integrity.

Why Researchers Should Participate:

You’re already doing the work—now get recognized and rewarded
Your research could stop a real-world ransomware attack
Halcyon is serious about response—we don’t just collect intel; we act on it
You’ll be part of a trusted global network of researchers fighting back
Collaborate with Halcyon ransomware experts to benefit the entire community

Let’s Eradicate Ransomware Together

Whether you’re a full-time reverse engineer, OSINT specialist, or passionate about defending others—Halcyon wants to work with you.

We're not just here to detect ransomware but to end it. And that starts with you.