Back

Vect Ransomware Exposed as Data Wiper for Large Files

Severity: High (Score: 66.6)

Sources: blog.checkpoint.com, Cyberdaily.Au, Theregister, www.halcyon.ai, Infosecurity-Magazine

Summary

The Vect ransomware, launched in late 2025, has been identified as a destructive wiper malware rather than traditional ransomware. Security researchers from Check Point Research discovered a critical flaw in its encryption implementation, which causes files larger than 128KB to be permanently destroyed instead of encrypted. This flaw affects all versions of Vect targeting Windows, Linux, and ESXi systems. The ransomware-as-a-service (RaaS) model has gained notoriety through partnerships with the TeamPCP gang and BreachForums, where it offers affiliates access to its tools. Organizations that have paid ransoms in hopes of recovering their data are likely to find their files irretrievably lost. The Vect group has claimed several high-profile victims, but the actual success of ransom payments remains unverified. As of April 2026, the threat continues to pose significant risks to enterprises, particularly those relying on large data files. Key Points: • Vect ransomware permanently destroys files over 128KB due to a critical encryption flaw. • The malware is marketed as ransomware but functions as a data wiper for large enterprise files. • Organizations should focus on resilience and recovery strategies rather than paying ransoms.

Key Entities

  • TeamPCP (apt_group)
  • Data Breach (attack_type)
  • Ransomware (attack_type)
  • Supply Chain Attack (attack_type)
  • Aqua Security (company)
  • Checkmarx (company)
  • Guesty (company)
  • S&P Global (company)
  • Telnyx (company)
  • LiteLLM (tool)
  • Trivy (tool)
  • Libsodium (tool)
  • Ransomware Builder (tool)
  • Ukraine (country)
  • Cwe-326 - Inadequate Encryption Strength (cwe)
  • Vect (ransomware_group)
  • VECT 2.0 (ransomware_group)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • T1485 - Data Destruction (mitre_attack)
  • T1486 - Data Encrypted for Impact (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • ESXi (platform)
  • Linux (platform)
  • VMware ESXi (platform)
  • Windows (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed