
Emerging Ransomware BQTLock & GREENBLOOD Disrupt Businesses in Minutes 

ID: 2980dfc2-b745-510b-b220-bebfabeb5a6e

STIX ID: report--2980dfc2-b745-510b-b220-bebfabeb5a6e

Feed Name: ANY.RUN's Cybersecurity Blog

Threat Score: 70/100

Date Published: 2026-02-11

Date Updated: 2026-04-26

Author: ANY.RUN

...
...

This Any.RUN blog post analyzes two newly observed ransomware families—BQTLock, which operates stealthily by injecting a Remcos payload into explorer.exe, performing a UAC bypass via fodhelper.exe, and escalating to credential theft and screen capture; and GREENBLOOD, a Go-based strain that uses ChaCha8 for rapid encryption, attempts self-deletion to reduce forensic visibility, and leverages a TOR leak site for extortion. The report presents sandbox-observed behaviors, recommended SOC detection and containment steps (behavioral detonation, threat intelligence lookup, TI feeds), and provides IOCs and operational guidance to shorten the window between compromise and containment.
