bqtlock

Ransomware group profile

11Victims

UnknownSource country

70Impact score

Also Known As

BAQIYATLock

Liwaa Mohammad

BQTLock

BQT Ransomware

bqtlock

Description

BQTLock, also known as Baqiyatlock313, is a ransomware group that emerged in July 2025, utilizing a Ransomware-as-a-Service model. Despite its pro-Palestinian messaging, the group's primary motive is financial gain, targeting various sectors through phishing and exploiting vulnerable systems.

Key insights

•Operates under a Ransomware-as-a-Service model with tiered affiliate access.
•Targets healthcare, manufacturing, and professional services sectors.
•Employs double extortion techniques, threatening data publication if ransoms are unpaid.
•Utilizes a hybrid AES-256 and RSA-4096 encryption scheme for file encryption.
•Gains initial access through phishing, exposed RDPs, and vulnerable software.

Industries

Government & Defense Healthcare Hospitality Manufacturing Retail & E-Commerce Technology

Threat Level & Status Breakdown

For bqtlock · Based on incidents in selected period

1.8threat level

Aggressiveness2.8/ 10

Lethality0.5/ 10

Criticality2.4/ 10

Status Breakdown

Data Leaked9.1%1

Negotiating9.1%1

Claimed36.4%4

First seenJul 2025

Last seenApr 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 25, 2026

Recent activity

Monthly attack count for bqtlock in the selected period

11Total attacks

4peak in Dec

1.8avg / month

↓ 1 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for bqtlock

789c2008899fae1ef90205c72d15dc04803baa1c
7d24b4af7a5b9e599862bf1566c64e6465871cf3d360676346088eb2f176ae07
7170292337a894ce9a58f5b2176dfefc
a41c78d94c70caa49d30fca0b62e15b2
03427263da43843baf7cfd85f305fc77
49f89b2fdef345a9d92fc821e4a226d8ac99e4ca0d2d11b5654f6557800b85f2
89c591228df334c3a974ed7b96e2060258171b78
a6d91094a222da6576260abf52a07b79
9323fca75a86c75ffbdcc88ed8f35e5a
f4ed428b01841e8731fa3611b9d7a73b
ab03fe3fb16b8b931d2679e67f571cf1
de96beb0baa7243dd7f39b2c400bbc44
375d5d81cba2a78967604c6b77369e79
d8f6dad64c78b9767d8c2004c05bce64d30d8d268276dfff4adab45781e6fe1c
84c7bfb0e243dd99b674e48701acab6b
a9b717d4d038bf50b08c5de5b491e32e
507eae5d91a3e0ad47130b5103e35e1d621163e5
455a77c86d57447e04b6b3781e1076a88a8635ed
af90666822646e35eb52248f4a89eb715ce9f44459205bc24827a2aafe053548
d4999a1bd31343ef380147b10c2a185411cd5413
69e6fa25e66c23121826805bbcb890ac
47deaf4e5b35781b5447c3a1b92721ad
e0e3a45da417eaa356c2ca00d71dae0edd42a24f
9600db537e27db88ed2eca3be0ffab35cdb22a86a6dbb048d8deaf8f56944822
5ffa525fead0b2d81d8bbfa0630aebee5f0b2d3f4ab583e92ac41e6c8f814661
67e7b0bf057c8c7ef117be16a168833235920d0af16921ff59d0866f0d05e050
b02679ecb54344490f87f91dda88ace6
a441e0a25276952bb4fa2f29e06fc209
30121e98200ba3a8ae4704c3441f2618
425b2f283b71237276f84d941d9c2982c7f61a9aff12ece10e15065b73b7165e
f2319166e6ab26471ce68adc7dcebe0192d27d8d
b91ea42a34f873a155e7d1fba412cd2946cb362f
a065c2d25096957126b9739f95810a12
f1347fec7c34ba11884cb216c7ff5af0
08b7c181fa4f234e3b3ad8a0e36c613b
53385e0fd7fc9c88080abf5b97cd5b84b31c876e
ba8291a7d062dcfcdf824399b42eef9f
7d6f7a6e5bac9045039afd062e0eae9a25ee82c2
ebc2ad209a2b0c70abbdc670507712f50fe2b29e
7c0b31d787e926082607e773ed4b9b45
4369aed581de0fe84c25a1ef2c3cf0bb6bf70df8b51fdf38b3b0b2a55f43261b
5062c623fe8368cc69c00a8f7d780fbb
162e4777b60919f8d2747588181135f5664eee20
7440e0323df806c324ebcc97306687db
5b992a3438e344dddcdd66151a40efb3452b2ff37cdc40b37db612afeb29ed29
b5b6ca51a18389e8d0fb624bd0d876041b5cdfa9
f0560d544a8b310b6b6446be10f8d10a1f706171
cd4dad081f725dfbfb7a953be2d375e642cb70b31c657855f6acb0b6f1cb0a4f
881b048234ebed82339244eb0c18580d785944dc82f83949f6adc1a9bc225c3b
ed5471d42bef6b32253e9c1aba49b01b8282fd096ad0957abcf1a1e27e8f7551
d647659069d09b59a0e5d3608df314b2
d6cb9f18705c34c515dbfd59c4015576
67a315a0fe8d466f71716a83ab0e745ec4a7fa2e210a1b06e3396b516f554554
4525387f28bee6bb48d07e6989319f382447a8a6e48ae11f332dee9916feb8cc
caef2db273f466df3e2fa8c61bca6f9d58c99057
c57a95d05d2f82d68204431bc8bd4d99bb1e4811
22d892ee990b3d75e3fff497b75667dd
f52d8ae29652f58eda468caf80aebc33
2aae1d749353067f5afb5bebedb5249047f60e7aaa9684ac7c779a0908b1573c
dae6729cc3bfcbd700fc7e46818aada2
b80c7b84bb479a2ec526f0b195a83b99
9547933dd46501af7fc095a3513e48b81178e344b86e075b679259875f0fd5a7
4b4d6e2ffbbc2f2e13202125cbff097b2eedd654
11affbeb18f4d6edcc9a4be5a82f8e23dfc31178887e97119faa5ddc75990494
ce9a67a19b71a59ea70f634a5645e7d1a56ec293
4e7434ac13001fe55474573aa5e9379d
d4ecadc8b0887023abe0f0a8459ee5a9f8414e1d
0e94ec2e86ad128c1a998e462c3aba2b38fb0714980aa97e4013cb314127d25a
ac9088078884311fd32c47997c5c77cc
afa5c27726efe4576e1161c0c17f83524a447c4f
16b4f2af4cd1d1e1fd2089d0c0697534
dbc6750d065d4ab641877b630cc7f59866c91183
4bfb227d9445981d2940fe7d20001ed3
3c8d106f63d1ed921f9b8c7d103d73cd591fe19c
00005ed250d85fc47e4c3883b8e6179a9888b8140acfeb94a40edc36bd523adb
22fc83d0eb4cfac43772694a6878960d4ce47d13
ee6fc659d64a771ce7a0a265e035f290
ab04fc3cbe5aa5f61e603328969673d027d82a27a5958f669893bb8f3cf66cba
a18c29c72d1808477727ec2a611cee0f22ecd435457265bcf10823e0980c3636
d6a9f97b4e37f6d619a5b88c2947730e
cd5e7b3b59cea14b804f6c01821d1ab94a0046422fe956f623b238c5db0cac99
af123fab559cb11a1a844acf997b2c61
7ff1a6efe00d7b78094d3eb1740f179c
c34d690bbe1f9dc78066c881e3596505
d244b63e40aab7299d194c11bf060054
9cd62dbace3324487124787127cff7c63a9f005d8d3aff9bac28c437e5caefc7
2db8cce5bb24a768a7a60c28e46b8b1e1655fc5f
ac8acef11171d3d45bb9386b59f7e2a9
110df49522d46b612a28bafbdff3405c
793813ddcc1ea542c98b0c082a025a2a
f558a0bcd20e01e46551a491c66114e8
a8dd699bbf697e84023ffc38beaeaa3660655f44
6a154a0319db6f9d10210b91b4ab614cdb822dd3
6169d9521df9b4149f055be01088bb62548a180f
10938c2d01dc999d2fe1f8c635e3705e7e663077935a17e730c849d1191c76ed
213afdbedfd181f4ff5bc831cbf22595648694a7
9569c8631bcd37da1a5048d979362804
630edad05cfe37d5435d12afb88ac9106bde19b5
9c58050d0fb79c4863ae6df6aa661d9e
196509ec4599d93a1cf42d70623ac9098c8979bb
058a1dbfa03cac6cc67d34a4dcc69445
73a0b940a037a2c20f1e2a9426be8d05933e1874
b7796a3b1812f329c43d5d37bbb6d8032b7bc06b15af29f555eb3e0c7b1b1c3d
406e6065cac225b47784fb07230962e28abbb6fa
fbd67a3bcc964e370931f620a85bf368d7b5797ebc1d53fe3be11a89a90e7961
5531198fdd7c3691be3b0bb2e449dafa29620c85
410a2742a98634af637d498c7cfa04a3
97524f4c582e0fbe46b74a7cfe4db9f078f368520cda25f27a50c5d2c50161f9
780e34c72404fd464669626ae554b81393d2bae95293284b375bb5d989914486
56eec59a5fe3f5a3c2c836701557bf1956770f465cd9e049995b86aef76a3e39
a6a397fec6c109a1402c6f1144d647843b2093f65fedd27204b40ebeea0640b6
972b1677621bbdc45ef61c56cd9909d2
5be5795b1aec7dc36b8937ee9122f6bdc6d94745
b211537ea626fae4ad2ef5ee2652633dc68aaf20da6eb953a44f266c4106b367
1859f56847ccabc6581a56f55041955f
020d888236be6a7fffa99c7f35bf2797
147e72282e47ba19f121402abc358bc2
733efdd0895e5fd1fe9ee73d214ce58c
862f29aa00bb4ee33729bc6699990dbdf9ef890b8364f8288b173cb1ca5d6787
e261a796d883fe301715798519228480
e0080e35657caed78566384a2e7b1ef4
bc8cc3ca2a45ebb934cd71218d9b56b3
dacbba7f18d0835deb2eeb4e4d82c8f57234767291a90da1a5f3fd02d6bc13c2
6880e0567dc6a8885d1d58b79b6d5c12
5befee1210165646b4bb6574663f01ace27c630e
3478194a509ae4d2f0a31435952b27bc
6fa76affe2bcf806e0abf98c1086971395324697
b098f67726a4a3f7277b3f41a86d503c
2b0698d2a85c000e83242a06708461895deec84c
e73abc48015c54214b2edae4a6d1ed25
e2622ede1ebe5a37c439a32f0c63c13f893d1e5513b27367502898651cc5464b
008ec0226066572f4b27f100d08443120b9dd55cefbec2bbff994b5b552e546c
0ccd3f2d7e6637eaf5414e35b97d9d8bf6b8e4182859cace8ca8e02377a4e62a
3bc9f741223f23601c3a8975da552af6
3857744a651da4e431083180798041a5e888b09334a1a04c2c047216f471b0f6
acf3b7f2f07f5d04083f99b82eb0c8ba
4f935fd188b1e9965e083f72ec33712dae53409a
f77c203d0c80598954c06a0f6f0c46f8b885ba423d12a21f13ded0168aa11b10
f578c14c36833491fa8aa407b4d4b00b
b61ae633616d7dd29aaf0b170fdfbe8f282c0f8bdcb1c52aedee473ce4bf5789
38f8aa1447a7b8b445499e45102ae84b51fb52e3
590e47944ef0597bf1ff1d41656859b776e7031a4611cbf22d619002cbe49312
618070d597dd73c43ba5d4bde2baa93a4f6038e3279de3bafe688caa5c409a58
324eabc27a25f524c94bb62573986b3335ab5181ddc6825d959d16aaaccdc7aa

View full IOC feed300 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for bqtlock

Other

T1486

T1490

T1021

T1562

T1080

T1078

T1547

T1059

T1021.001

T1105

T1071.001

Victims(11)

Company	Domain	Country	Industry	Status	Discovered
Metro Hospital USA	—	US United States	Healthcare	Negotiating	3 months ago
DGM	—	IL Israel	Technology	Unknown	6 months ago
Morning Desert Safari	—	AE United Arab Emirates	Hospitality	Unknown	6 months ago
Arabian Desert Safari	—	AE United Arab Emirates	Hospitality	Unknown	6 months ago
Dhow Cruise Dubai Harbour	—	AE United Arab Emirates	Hospitality	Unknown	6 months ago
Hatta Heritage Village	—	AE United Arab Emirates	Hospitality	Unknown	6 months ago
Adore UAE	adoreuae.com	AE United Arab Emirates	Retail & E-Commerce	Claimed	9 months ago
EPS FUJ Private School UAE	epsfuj.comw	AE United Arab Emirates	Retail & E-Commerce	Claimed	9 months ago
European Business Server Cluster	bizoneo.com	IE Ireland	Retail & E-Commerce	Claimed	11 months ago
eFunda, Inc.	efunda.com	US United States	Retail & E-Commerce	Claimed	11 months ago
USA Military Alumni Networks	—	US United States	Government & Defense	Data Leaked	11 months ago

Affected countries(14)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates 🇦🇺Australia 🇧🇷Brazil 🇨🇦Canada 🇩🇪Germany 🇪🇸Spain 🇬🇧United Kingdom 🇮🇪Ireland 🇮🇱Israel 🇮🇳India 🇮🇹Italy 🇱🇧Lebanon 🇸🇦Saudi Arabia 🇺🇸United States