BQTLOCK Ransomware-as-a-Service Emerges, Boasting Sophisticated Evasion Tactics

Ransomware-as-a-Service (RaaS) models continue to democratize sophisticated attacks in the ever-changing world of cybercrime by allowing affiliates with little technical know-how to distribute ransomware through profit-sharing or subscription models.

A newly identified strain, BQTLock, has emerged since mid-July 2025, operating under this RaaS paradigm and marketed aggressively on dark web forums and Telegram channels.

Overview of the Emerging Threat

Linked to ZerodayX, the alleged leader of the pro-Palestinian hacktivist group Liwaa Mohammed previously associated with the Saudi games data breach BQTLock employs double extortion tactics, encrypting files with a .bqtlock extension and threatening data leaks if ransoms of 13 to 40 XMR (approximately $3,600 to $10,000) are not paid within 48 hours via Monero cryptocurrency.

Failure to comply doubles the demand, with keys deleted and data sold after seven days. Distributed as a ZIP archive containing Update.exe and supporting DLLs, the malware integrates anti-analysis measures like string ...