Emerging Ransomware BQTLock and GREENBLOOD Drive Rapid Business Disruption

DUBAI, DUBAI, UNITED ARAB EMIRATES, February 11, 2026 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has released new findings on BQTLock and GREENBLOOD, two newly identified ransomware threats built for fast business disruption.

By combining quick operational disruption with tactics that reduce visibility, these attacks can escalate into downtime, compliance exposure, and financial loss before teams fully confirm what's happening.

Execution Patterns Behind the New Ransomware Threats

BQTLock is a stealth-focused ransomware-linked chain that injects Remcos into explorer.exe, performs a UAC bypass via fodhelper.exe, and establishes autorun persistence to retain elevated access after reboot. It then shifts into credential theft and screen capture, turning the incident into both a ransomware event and a potential data exposure case.
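
As an added illustration (not code from the ANY.RUN research), the sketch below flags the fodhelper.exe UAC-bypass and autorun-persistence behaviours described above in endpoint telemetry. The event field names, host names, and sample events are assumptions constructed for this example; the registry paths are the ones commonly monitored for these techniques.

```python
import re

# Per-user handler key commonly monitored for fodhelper.exe UAC bypass
# (matches both "\Software\Classes\..." and "<SID>_Classes\..." forms).
FODHELPER_KEY = re.compile(r"classes\\ms-settings\\shell\\open\\command", re.I)
# Run / RunOnce autorun locations under any hive.
RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)


def detect(events):
    """Return (rule, host, detail) findings in event order."""
    findings = []
    primed = set()  # hosts where the ms-settings handler key was written
    for ev in events:
        host = ev["host"]
        if ev["type"] == "registry_set":
            key = ev["key"]
            if FODHELPER_KEY.search(key):
                primed.add(host)
                findings.append(("uac_bypass_key_write", host, key))
            elif RUN_KEY.search(key):
                findings.append(("autorun_persistence", host, key))
        elif ev["type"] == "process_create":
            parent = ev["parent_image"].lower().rsplit("\\", 1)[-1]
            if parent == "fodhelper.exe":
                # Assumption: fodhelper.exe rarely spawns children in normal
                # use, so a child after the key write is high confidence.
                rule = ("uac_bypass_confirmed" if host in primed
                        else "fodhelper_child_process")
                findings.append((rule, host, ev["image"]))
    return findings


# Constructed sample telemetry; field names and values are hypothetical.
SAMPLE = [
    {"type": "registry_set", "host": "ws-01",
     "key": r"HKU\S-1-5-21-1111_Classes\ms-settings\Shell\Open\command\(Default)"},
    {"type": "process_create", "host": "ws-01",
     "parent_image": r"C:\Windows\System32\fodhelper.exe",
     "image": r"C:\Users\Public\sample.exe"},
    {"type": "registry_set", "host": "ws-01",
     "key": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "process_create", "host": "ws-02",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

Correlating the key write with the later child process on the same host separates a confirmed bypass from a lone fodhelper.exe child, which still warrants review against a local baseline.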

๐—š๐—ฅ๐—˜๐—˜๐—ก๐—•๐—Ÿ๐—ข๐—ข๐—— is a Go-based ransomware built for rapid impact. It uses ChaCha8-based encryption to disrupt operations within minutes, followed by self-deletion and cleanup attempts to reduce forensic visibility. The campaign also relies on TOR leak-site pressure, adding extortion leverage even after recovery efforts begin.

For a deeper technical breakdown with actionable detection insights and real indicators of compromise, read the full research on ANY.RUN's Blog.

Business Impact Accelerates as Detection Windows Shrink

Common business consequences include:

· Rapid downtime and service disruption triggered by fast encryption or delayed detection

· Data exposure and compliance risk driven by credential theft, screen capture, or leak-site threats

· Reduced forensic visibility caused by stealth techniques or cleanup activity

· Higher recovery and incident-response costs as response windows shrink from hours to minutes

Together, these factors shift ransomware from an isolated security incident to a time-critical business risk requiring faster detection and containment.

About ANY.RUN

ANY.RUN fits into modern SOC workflows, integrating into existing processes and supporting investigations across Tier 1, Tier 2, and Tier 3.

It helps teams safely detonate suspicious content, confirm real behavior, enrich findings with threat context, and apply fresh intelligence to move faster and make confident decisions.

Today, more than 600,000 security professionals and 15,000 organizations rely on ANY.RUN to accelerate triage, reduce escalations, and stay ahead of evolving threats.

The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050