DUBAI, DUBAI, UNITED ARAB EMIRATES, February 11, 2026 /EINPresswire.com/ — ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has released new findings on BQTLock and GREENBLOOD, two newly identified ransomware threats built for fast business disruption.
By combining quick operational disruption with tactics that reduce visibility, these attacks can escalate into downtime, compliance exposure, and financial loss before teams fully confirm what's happening.
Execution Patterns Behind the New Ransomware Threats
BQTLock is a stealth-focused ransomware-linked chain that injects Remcos into explorer.exe, performs a UAC bypass via fodhelper.exe, and establishes autorun persistence to retain elevated access after reboot. It then shifts into credential theft and screen capture, turning the incident into both a ransomware event and a potential data exposure case.
GREENBLOOD is a Go-based ransomware built for rapid impact. It uses ChaCha8-based encryption to disrupt operations within minutes, followed by self-deletion and cleanup attempts to reduce forensic visibility. The campaign also relies on TOR leak-site pressure, adding extortion leverage even after recovery efforts begin.
For a deeper technical breakdown with actionable detection insights and real indicators of compromise, read the full research on ANY.RUN's Blog.
Business Impact Accelerates as Detection Windows Shrink
Common business consequences include:
· Rapid downtime and service disruption triggered by fast encryption or delayed detection
· Data exposure and compliance risk driven by credential theft, screen capture, or leak-site threats
· Reduced forensic visibility caused by stealth techniques or cleanup activity
· Higher recovery and incident-response costs as response windows shrink from hours to minutes
Together, these factors shift ransomware from an isolated security incident to a time-critical business risk requiring faster detection and containment.
About ANY.RUN
ANY.RUN fits into modern SOC workflows, integrating into existing processes and supporting investigations across Tier 1, Tier 2, and Tier 3.
It helps teams safely detonate suspicious content, confirm real behavior, enrich findings with threat context, and apply fresh intelligence to move faster and make confident decisions.
Today, more than 600,000 security professionals and 15,000 organizations rely on ANY.RUN to accelerate triage, reduce escalations, and stay ahead of evolving threats.
The ANY.RUN team
ANYRUN FZCO