bqtlock

INACTIVERansomware-as-a-Service

ransomware group

aka BaqiyatLock <br/>BQTLock surfaced in July 2025 and operates as a fully-fledged Ransomware-as-a-Service (RaaS) with a double-extortion model. It employs AES-256 for file encryption, with keys secured by RSA-4096, appending the .BQTLOCK extension to encrypted files. Victims receive ransom notes such as READ_ME-NOW_*.txt, warning that failure to make contact within 48 hours doubles the ransom, and that decryption keys will be destroyed after seven days. The group offers tiered pricing "waves" with different XMR (Monero) amounts for quicker decryption—e.g., Wave 1 might cost 13 XMR, while Wave 3 could be 40 XMR. Targets include organizations such as U.S. military alumni networks and educational institutions.

Victims

records

First Discovered

Jul 31, 2025

victim

Last Discovered

Oct 11, 2025

victim

Inactive Since

258

days

Countries

hit

Avg Discount

—

no settlements

Group Activity

Last 12 months

Jul

2025

Aug

2025

Sep

2025

Oct

2025

Nov

2025

Dec

2025

Jan

2026

Feb

2026

Mar

2026

Apr

2026

May

2026

Jun

2026

Victims (5)

Adore UAE

bqtlock🇦🇪 AE

Oct 11, 2025

adoreuae.com www.adoreuae.com

Consumer Services1.0Published

adoreuae.com

EPS FUJ Private School UAE

bqtlock🇦🇪 AE

Oct 11, 2025

epsfuj.com www.epsfuj.com

Education1.0Published

epsfuj.comw

European Business Server Cluster

bqtlock

Aug 9, 2025

www.bizoneo.com www.bizosoft.eum eeting.wandsoft.com dataprotectionact.ie bizoneo.com www.bizoneo.eu www.bizoneo-membership.eu www.tourguides.ie bizoneo-members...

Technology1.0Published

bizoneo.com

eFunda, Inc.

bqtlock🇺🇸 US

Jul 31, 2025

efunda.com (270+ subdomains)

Technology1.0Published

efunda.com

USA Military Alumni Networks

bqtlock🇺🇸 US

Jul 31, 2025

isabrd.com, varsityo.com, letterwinner.com, whoglue.net, whoglue.com, whoware.com, mail.usna87.com

Public Sector1.0Published

usna87.com

Infrastructure

No sites tracked