Vect 2.0 Ransomware Functions as Data Wiper, Not Encryptor

Vect 2.0 Ransomware Functions as Data Wiper, Not Encryptor

First seen 28 Apr 2026, 22:11 UTC ThehackernewsComputerweeklyTheregisterBleepingcomputerCyberdaily.Au+15 86% similarity 69.9

Article Content

Browse articles
ThreatCluster

The Vect 2.0 ransomware, emerging from a partnership with the TeamPCP group, has been found to irreversibly destroy files larger than 128 KB instead of encrypting them for ransom. This critical flaw, identified by Check Point Research, affects all three variants targeting Windows, Linux, and VMware ESXi systems. The ransomware discards essential decryption information during its operation, rendering recovery impossible even if victims pay the ransom. Vect was first noted in December 2025 and gained notoriety for its aggressive marketing and affiliate program on BreachForums. As of April 2026, the ransomware has reportedly impacted multiple organizations, particularly those involved in supply chain operations. Analysts warn that paying the ransom is futile, as the necessary decryption keys are lost during the attack. The situation is exacerbated by the ransomware's amateur coding, which includes multiple additional flaws and non-functional features. Organizations are advised to focus on resilience and recovery strategies rather than negotiating with attackers.

Key Points: • Vect 2.0 ransomware destroys files over 128 KB, making recovery impossible. • The ransomware operates under a flawed encryption model, discarding critical decryption data. • Paying the ransom is futile, as no functional decryptor exists for affected files.

ThreatCluster AI

Timeline

2025-12-01
Vect ransomware first appeared on cybercrime forums.
2026-01-05
Vect claims its first victims.
2026-02-01
Vect 2.0 is publicly released.
2026-03-01
Vect partners with TeamPCP for supply chain attacks.
2026-04-15
Vect claims two larger victims, Guesty and S&P Global.
2026-04-28
Check Point Research publishes findings on Vect's flaws.

Community

Browse all →