⚠️ New #RaaS alert: #BQTLock hides inside explorer.exe, bypasses UAC silently, and wipes its own launcher with a self-deleting script.

❗️ Healthcare & Finance at risk, but not just them. See how to detect and stop: https://any.run/malware-trends/bqtlock/?utm_source=mastodon&utm_medium=post&utm_campaign=bqtlock&utm_term=090326&utm_content=linktomtt

#cybersecurity

⚠️ New ransomware #BQTLock & #GREENBLOOD are actively targeting businesses.

Stealth, rapid encryption, and leak-site pressure leave SOC teams little time to react.

Check out detailed analysis and an actionable plan to detect them before downtime ⬇️
https://any.run/cybersecurity-blog/emerging-ransomware-bqtlock-greenblood/?utm_source=mastodon&utm_medium=post&utm_campaign=emerging_ransomware&utm_term=110226&utm_content=linktoblog

#cybersecurity #infosec

⚠️ #BQTLock ransomware uses #Remcos injected into explorer.exe to hide inside normal system activity. In the #ANYRUN Sandbox, behavioral analysis and file system monitoring exposed a UAC bypass via fodhelper.exe, followed by persistence through autorun mechanisms with elevated privileges.

👾 Once elevated, the malware moves into data theft and screen capture. See the full execution chain and collect #IOCs to speed up detection and cut response time: https://app.any.run/tasks/90be5f16-fdde-4aca-9482-86e2aa43fba0/?utm_source=mastoodon&utm_medium=post&utm_campaign=bqtlock_case&utm_term=300126&utm_content=linktoservice

👨‍💻 Learn how #ANYRUN Sandbox helps SOC teams detect complex threats early: https://any.run/features/?utm_source=mastodon&utm_medium=post&utm_campaign=bqtlock_case&utm_term=300126&utm_content=linktosandboxlanding

#cybersecurity #infosec