Vect Ransomware Functions as Data Wiper, Permanently Destroying Large Files
Severity: High (Score: 69.8)
Sources: www.halcyon.ai, Computerweekly, Theregister, Bleepingcomputer, blog.checkpoint.com
Summary
A new strain of ransomware called Vect, linked to the TeamPCP gang, has been identified as a data wiper rather than traditional ransomware. Check Point Research revealed that Vect destroys files larger than 128KB instead of encrypting them, making recovery impossible even if a ransom is paid. Since January 2026, Vect's leak site has listed 25 affected organizations, with four incidents reported in March. Notable victims include Guesty and S&P Global, although claims of successful ransom payments remain unverified. The malware operates across multiple platforms, including Windows, Linux, and ESXi, and has a critical flaw in its encryption process that discards the information needed for decryption. Because most enterprise files, including virtual machines and databases, exceed the 128KB threshold, the flaw affects the bulk of an organization's data. The Vect operators have marketed their ransomware on BreachForums, promising larger supply chain attacks. The situation remains critical, and organizations are urged not to pay ransoms, since payment does not lead to data recovery.
Key Points
- Vect ransomware permanently destroys files over 128KB, making recovery impossible.
- The malware is linked to the TeamPCP gang and has affected at least 25 organizations.
- Organizations are advised against paying ransoms, as no decryption is possible.
Key Entities
- TeamPCP (apt_group)
- Data Breach (attack_type)
- Ransomware (attack_type)
- Supply Chain Attack (attack_type)
- Aqua Security (company)
- Checkmarx (company)
- Guesty (company)
- S&P Global (company)
- Telnyx (company)
- LiteLLM (tool)
- Trivy (tool)
- Libsodium (tool)
- Ransomware Builder (tool)
- Ukraine (country)
- Vect (ransomware_group)
- VECT 2.0 (ransomware_group)
- T1003 - OS Credential Dumping (mitre_attack)
- T1195 - Supply Chain Compromise (mitre_attack)
- T1486 - Data Encrypted for Impact (mitre_attack)
- T1567 - Exfiltration Over Web Service (mitre_attack)
- ESXi (platform)
- Linux (platform)
- Windows (platform)