Bqtlock
Parsing : Enabled
Known to be a RaaS
Description
aka BaqiyatLock
BQTLock surfaced in July 2025 and operates as a fully-fledged Ransomware-as-a-Service (RaaS) with a double-extortion model. It employs AES-256 for file encryption, with keys secured by RSA-4096, appending the .BQTLOCK extension to encrypted files. Victims receive ransom notes such as READ_ME-NOW_*.txt, warning that failure to make contact within 48 hours doubles the ransom, and that decryption keys will be destroyed after seven days. The group offers tiered pricing "waves" with different XMR (Monero) amounts for quicker decryption—e.g., Wave 1 might cost 13 XMR, while Wave 3 could be 40 XMR. Targets include organizations such as U.S. military alumni networks and educational institutions.
External Analysis |
https://www.pcrisk.com/removal-guides/33382-bqtlock-ransomware |
https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/bqtlock |
https://www.cybershafarat.com/2025/07/30/bqtlock-ransomware-op-status/ |
Telegram |
https://t.me/BQTlock |
https://t.me/liwaamohammad |
https://t.me/ZeroDayX1 |
https://t.me/BQTlock_raas |
https://t.me/Fuch0u |
Other |
https://x.com/zerodayx1 |
Urls |
http://yywhylvqeqynzik6ibocb53o2nat7lmzn5ynjpar3stndzcgmy6dkgid.onion/ |
Posts
Date |
Title |
Description |
2025-08-09 |
European Business Server Cluster |
Domains:
Active Since: 2005-
Data Size: Shown in video
Payment Status: Unpaid (private XMR requested)
Encrypted Type: Full computer and database backups |
2025-07-31 |
eFunda, Inc. |
Domain: efunda.com (270+ subdomains)
Active Since: 1999
Data Size: ~670 GB (encrypted)
Payment Status: Unpaid (200 XMR requested)
Leak Type: Full database + backups
|
2025-07-30 |
USA Military Alumni Networks |
Domains: isabrd.com, varsityo.com, letterwinner.com, whoglue.net, whoglue.com, whoware.com, mail.usna87.com
Active Since: 2000-
Data Size: ~159 GB (encrypted)
Payment Status: Unpaid (500 XMR requested)
Leak Type: Full database + backups
|