ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has released new findings on BQTLock and GREENBLOOD, two newly identified ransomware threats built for fast business disruption.

By combining quick operational disruption with tactics that reduce visibility, these attacks can escalate into downtime, compliance exposure, and financial loss before teams fully confirm what's happening.

Execution Patterns Behind the New Ransomware Threats

BQTLock is a stealth-focused ransomware-linked chain that injects Remcos into explorer, performs a UAC bypass via fodhelper, and establishes autorun persistence to retain elevated access after reboot. It then shifts into credential theft and screen capture, turning the incident into both a ransomware event and a potential data exposure case.
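A detection-side sketch of the BQTLock sequence described above, added here as an example and not taken from the ANY.RUN report: it correlates a per-user `ms-settings` handler change, a process spawned by `fodhelper.exe`, and an autorun write on the same host within a short window. The event schema, the five-minute window, the registry substrings (widely documented indicators for this bypass and for Run-key persistence) and the sample events are all assumptions.

```python
from datetime import datetime, timedelta

# Assumed indicators (widely documented, not taken from the page).
HIJACK_KEY = r"\ms-settings\shell\open\command"    # per-user handler fodhelper resolves
RUN_KEY = r"\microsoft\windows\currentversion\run"  # Run/RunOnce autorun locations
WINDOW = timedelta(minutes=5)                       # assumed correlation window

def classify(ev):
    """Map one normalized endpoint event to a chain stage, or None."""
    target = ev.get("target", "").lower()
    if ev["type"] == "registry_set":
        if HIJACK_KEY in target:
            return "hijack"
        if RUN_KEY in target:
            return "autorun"
    elif ev["type"] == "process_create":
        if ev.get("parent", "").lower().endswith("\\fodhelper.exe"):
            return "elevated_child"
    return None

def detect_chain(events):
    """Alert per host when a fodhelper child follows a handler hijack within WINDOW;
    mark persistence when an autorun write follows the elevated child."""
    alerts, last = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        stage = classify(ev)
        if stage is None:
            continue
        host, seen = ev["host"], last.setdefault(ev["host"], {})
        recent = lambda s: s in seen and ev["time"] - seen[s] <= WINDOW
        if stage == "elevated_child" and recent("hijack"):
            alerts[host] = {"host": host, "child": ev["image"], "persistence": False}
        elif stage == "autorun" and host in alerts and recent("elevated_child"):
            alerts[host]["persistence"] = True
        seen[stage] = ev["time"]
    return list(alerts.values())

T0 = datetime(2025, 1, 1, 10, 0, 0)
SAMPLE = [  # constructed events; hosts, SIDs and file names are made up
    {"host": "WS01", "time": T0, "type": "registry_set",
     "target": r"HKU\S-1-5-21-1111\Software\Classes\ms-settings\Shell\Open\command\DelegateExecute"},
    {"host": "WS01", "time": T0 + timedelta(seconds=4), "type": "process_create",
     "parent": r"C:\Windows\System32\fodhelper.exe", "image": r"C:\Users\Public\sample.exe"},
    {"host": "WS01", "time": T0 + timedelta(seconds=20), "type": "registry_set",
     "target": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"host": "WS02", "time": T0, "type": "registry_set",  # lone Run-key write: no alert
     "target": r"HKU\S-1-5-21-2222\Software\Microsoft\Windows\CurrentVersion\Run\Chat"},
]
print(detect_chain(SAMPLE))
```

`fodhelper.exe` does not normally spawn child processes, so the `elevated_child` stage alone is already worth reviewing; the correlation raises confidence and ties the later autorun write to the same chain.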

GREENBLOOD is a Go-based ransomware built for rapid impact. It uses ChaCha8-based encryption to disrupt operations within minutes, followed by self-deletion and cleanup attempts to reduce forensic visibility. The campaign also relies on TOR leak-site pressure, adding extortion leverage even after recovery efforts begin.

Business Impact Accelerates as Detection Windows Shrink

Common business consequences include:

· Rapid downtime and service disruption triggered by fast encryption or delayed detection

· Data exposure and compliance risk driven by credential theft, screen capture, or leak-site threats

· Reduced forensic visibility caused by stealth techniques or cleanup activity

· Higher recovery and incident-response costs as response windows shrink from hours to minutes

Together, these factors shift ransomware from an isolated security incident to a time-critical business risk requiring faster detection and containment.

