Hiding in Plain Sight: How DragonForce Weaponized Legitimate Software
ID: ca03ca6f-e450-590d-8a13-bb7f5b6f8e93
STIX ID: report--ca03ca6f-e450-590d-8a13-bb7f5b6f8e93
Feed Name: Halcyon Blog
Halcyon describes stopping a DragonForce ransomware operation that weaponized vulnerable SimpleHelp remote-access software (exploiting three critical CVEs) to deliver a signed malicious executable to a healthcare organization; the file evaded most antivirus/EDR detections and could yield SYSTEM-level remote access and rapid encryption. The report positions Halcyon's Ransomware Operations Center as a 24/7 specialist that detects, evicts, and recovers from ransomware faster than general-purpose EDR and typical incident-response retainer workflows.
