How One Letter Hid a Ransomware Army
ID: 27311420-0753-52c0-90dc-a735cf6cd4f9
STIX ID: report--27311420-0753-52c0-90dc-a735cf6cd4f9
Feed Name: Halcyon Blog
Halcyon detected and contained a targeted Qilin ransomware intrusion at a financial services firm. A malicious svchosts.exe binary bypassed Defender and Carbon Black and spread to 30 endpoints, using EDR evasion, shadow copy deletion attempts, privilege escalation and lateral movement. Behavioral detections, tenant-wide telemetry, and a coordinated war-room response stopped the attack before any encryption or data exfiltration occurred.
