Bqtlock
Compare
Parsing: enabled
Known RaaS
Description
aka BaqiyatLock
BQTLock surfaced in July 2025 and operates as a fully-fledged Ransomware-as-a-Service (RaaS) with a double-extortion model. It employs AES-256 for file encryption, with keys secured by RSA-4096, appending the .BQTLOCK extension to encrypted files. Victims receive ransom notes such as READ_ME-NOW_*.txt, warning that failure to make contact within 48 hours doubles the ransom, and that decryption keys will be destroyed after seven days. The group offers tiered pricing "waves" with different XMR (Monero) amounts for quicker decryption—e.g., Wave 1 might cost 13 XMR, while Wave 3 could be 40 XMR. Targets include organizations such as U.S. military alumni networks and educational institutions.
External Analysis3
| External Analysis |
|---|
| https://www.pcrisk.com/removal-guides/33382-bqtlock-ransomware |
| https://www.watchguard.com/wgrd-security-hub/ransomware-tracker/bqtlock |
| https://www.cybershafarat.com/2025/07/30/bqtlock-ransomware-op-status/ |
Telegram5
| Telegram |
|---|
| https://t.me/BQTlock |
| https://t.me/liwaamohammad |
| https://t.me/ZeroDayX1 |
| https://t.me/BQTlock_raas |
| https://t.me/Fuch0u |
Other1
| Other |
|---|
| https://x.com/zerodayx1 |
Urls1
| Url | ||||
|---|---|---|---|---|
| http://yywhylvqeqynzik6ibocb53o2nat7lmzn5ynjpar3stndzcgmy6dkgid.onion/ | Down |
|
Activity (interactive) 5
Posts5
| Date | Title | Description | Screen |
|---|---|---|---|
| Adore UAE | Domains: adoreuae.com www.adoreuae.com Active Since: 2017 Data Size: ~private (encrypted) Payment Status: Unpaid (66 XMR requested) Encrypted Type: All servers and data | ||
| EPS FUJ Private School UAE | Domains: epsfuj.com www.epsfuj.com Active Since: 2024 Data Size: ~private(encrypted) Payment Status: Unpaid (50 XMR requested) Encrypted Type: All servers and data | ||
| European Business Server Cluster | Domains: www.bizoneo.com www.bizosoft.eu meeting.wandsoft.com dataprotectionact.ie bizoneo.com www.bizoneo.eu www.bizoneo-membership.eu www.tourguides.ie bizoneo-membership.eu cleanrooms-ireland.ie www.cleanrooms-ireland.ie members.tourguides.ie +138 more Active Since: 2005- Data Size: Shown in video Payment Status: Unpaid (private XMR requested) Encrypted Type: Full computer and database backups | ||
| eFunda, Inc. | Domain: efunda.com (270+ subdomains) Active Since: 1999 Data Size: ~670 GB (encrypted) Payment Status: Unpaid (200 XMR requested) Leak Type: Full database + backups | Screen | |
| USA Military Alumni Networks | Domains: isabrd.com, varsityo.com, letterwinner.com, whoglue.net, whoglue.com, whoware.com, mail.usna87.com Active Since: 2000- Data Size: ~159 GB (encrypted) Payment Status: unpaid (500 XMR requested) Leak Type: Full database + backups | Screen |
