BQTlock
(Active)
Aliases
BaqiyatLock
Description
This entry is under construction. However, we have included some details below.
WavesV1
Wave 1 - 1337
13 XMR
decryption for id 1337. Fastest processing time (24h).
Wave 2 - LULZ
26 XMR
decryption for id LULZ Fastest processing time (12h).
Wave 3 - 313
40 XMR
decryption for id 313 Fastest processing time (6h).
WavesV2
Wave 1 - 961
20 XMR
decryption for id 961. Fastest processing time (24h).
Wave 2 - 0436
40 XMR
decryption for id 0436 Fastest processing time (12h).
Wave 3 - 313
80 XMR
decryption for id 313 Fastest processing time (6h).
Note: Waves change monthly. You can find your ID inside the Ransomware note left on your system. Current prices are valid until the end of the month.
Ransomware Type
Crypto-Ransomware
Data Broker
RaaS
Country of Origin
Lebanon
First Seen
Threat Actors
Type
Actor
Affiliate
https://x.com/Hacker1733079
Individual
Karim Fayad [ZeroDayX]
Alliances & Associations
Type
Alliance/Association
General Association
Anon Lebanon
General Association
Liwaa Mohammed
Unaffiliated Claimant
LulzSec
Extortion Links
Medium
Link
Telegram
https://t.me/BQTlock
TOR
http://yywhylvqeqynzik6ibocb53o2nat7lmzn5ynjpar3stndzcgmy6dkgid.onion
Twitter | X
https://x.com/zerodayx1
Extortion Types
Decryption Waves
Direct Extortion
Extortion Price Increases
Free Data Leaks
Website Defacing
Extortion Amounts
Amount
200XMR($61,124)
500XMR($152,185)
Communication(21)
Medium
Identifier
BreachForums
https://breachforums.hn/User-ZeroDayX
BreachForums
https://breachforums.is/User-zerodayx1
Clearnet
https://guns.lol/zerodayx
Discord
https://discord.com/zerodayx
Email
Email
GitHub
https://github.com/zerodayx
Instagram
https://instagram.com/zerodayx_
Telegram Bot
https://t.me/BQTosintBot
Telegram
https://t.me/anonlb
Telegram
https://t.me/BQTLock313
Telegram
https://t.me/BQTlock_raas
Telegram
https://t.me/BQTnet
Telegram
https://t.me/BQTosint
Telegram
https://t.me/BQTscanner
Telegram
https://t.me/Fuch0u
Telegram
https://t.me/liwaamohammad
Telegram
https://t.me/ZeroDayX1
Twitter | X
@anonlb_
Twitter | X
@zerodayx1
Web Chat
[BQT Social] https://bqtlock.com
Encryption
Type
Hybrid
Files
AES-256
Key
RSA-4096
Crypto Wallets
Blockchain Type
Crypto Wallet
XMR
89RQN2EUmiX6vL7nTv3viqUAgbDpN4ab329zPCEgbceQJuS233uye4eXtYk3MXAtVoKNMmzgVrxXphLZbJPtearY7QVuApr
XMR
8Ab1SXRmgWyGdLhULAHDwUEWuiuDniLP4YZkpCjwKaEP8LdsWXrKh49BsErV4oXmV2PqYN3fQ2QT4hEDpq5CprNXHc6F8rw
ETH
0x917f694e52ff8f603ba6692784d284d80399cac7
BTC
16pkGQEQxEmfszi5R4bY93BSGgZQ9BTTN3
File Extension
<file name>.<file extension>.BQTLOCK
Ransom Note Name
README_DECRYPT.txt
README_pay2_DECRYPT.txt
README_pay_DECRYPT.txt
READ_ME-NOW_<7-8 random numeric characters>.txt
bqt_icon.ico
Samples (SHA-256)
324eabc27a25f524c94bb62573986b3335ab5181ddc6825d959d16aaaccdc7aa
Known Victims(45)
| Industry Sector | Country | Extortion Date | Amount (USD) |
|---|---|---|---|
| Legal | United States | ||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| United States | |||
| Information Technology | United States | ||
| Memberships & Unions | United States | 500 XMR($152,185) | |
| 200 XMR | |||
| Education | United States | ||
| Defense | United States | ||
| Education | United States | 200 XMR($61,124) | |
| Information Technology | Saudi Arabia | ||
| Saudi Arabia | |||
| India | |||
| 10,951 XMR($2,995,965) | |||
| Education | United Arab Emirates | 50 XMR | |
| Education | United Arab Emirates | 66 XMR | |
| Israel |
References & Publications
SOCRadar: Dark Web Profile: BQTLock Ransomware
The Cyber Shafarat: DOXX ZeroDayX
The Cyber Shafarat: Launch of our cyber tool: BaqiyatLock (BQTLock Ransomware)
Twitter | X: ZeroDayX1 - BQTlock is just warming up