DUBAI, DUBAI, UNITED ARAB EMIRATES, February 11, 2026 /EINPresswire.com/ — ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has released new findings on BQTLock and GREENBLOOD, two newly identified ransomware threats built for fast business disruption.
By combining quick operational disruption with tactics that reduce visibility, these attacks can escalate into downtime, compliance exposure, and financial loss before teams fully confirm what’s happening.
Execution Patterns Behind the New Ransomware Threats
BQTLock is a stealth-focused ransomware-linked chain that injects Remcos into explorer.exe, performs a UAC bypass via fodhelper.exe, and establishes autorun persistence to retain elevated access after reboot. It then shifts into credential theft and screen capture, turning the incident into both a ransomware event and a potential data exposure case.
GREENBLOOD is a Go-based ransomware built for rapid impact. It uses ChaCha8-based encryption to disrupt operations within minutes, followed by self-deletion and cleanup attempts to reduce forensic visibility. The campaign also relies on TOR leak-site pressure, adding extortion leverage even after recovery efforts begin.
For a deeper technical breakdown with actionable detection insights and real indicators of compromise, read the full research on ANY.RUN’s Blog.
Business Impact Accelerates as Detection Windows Shrink
Common business consequences include:
· Rapid downtime and service disruption triggered by fast encryption or delayed detection
· Data exposure and compliance risk driven by credential theft, screen capture, or leak-site threats
· Reduced forensic visibility caused by stealth techniques or cleanup activity
· Higher recovery and incident-response costs as response windows shrink from hours to minutes
Together, these factors shift ransomware from an isolated security incident to a time-critical business risk requiring faster detection and containment.
About ANY.RUN
ANY.RUN fits into modern SOC workflows, integrating into existing processes and supporting investigations across Tier 1, Tier 2, and Tier 3.
It helps teams safely detonate suspicious content, confirm real behavior, enrich findings with threat context, and apply fresh intelligence to move faster and make confident decisions.
Today, more than 600,000 security professionals and 15,000 organizations rely on ANY.RUN to accelerate triage, reduce escalations, and stay ahead of evolving threats.
The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050