Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
https://www.infosecurity-magazine.com/news/critical-flaw-vect-ransomware-data/
Publish Date: 2026-04-29 06:45:00
Source Domain: www.infosecurity-magazine.com
Vect 2.0 ransomware has been found to wipes large, compromised files instead of merely encrypting them, making recovery impossible – even for the attackers.
This is due to a critical flaw in the encryption implementation. The bug, likely an unintended coding error, was discovered by Check Point Research when investigating the latest version of the Vect ransomware.
Vect is a ransomware-as-a-service (RaaS) program that first appeared in December 2025 on a Russian-language cybercrime forum and was discovered by security researchers in early January 2026.
The group quickly grabbed headlines after it announced on BreachForums that it was partnering with TeamPCP, the threat group behind several supply-chain attacks, such as Trivy, Checkmarx’ KICS, LiteLLM and Telnyx, in March and April 2026.
Additionally, Check Point reported that Vect also announced a partnership with BreachForums itself, promising that every registered forum user will become an affiliate and be granted use of the Vect ransomware, negotiation platform and leak site for operations.
“As of April 2026, this partnership is in full effect,” the Check Point researchers noted in a new report published on April 28.
Vect 2.0: RaaS Ambitions Crumble Under Poor Implementation
Allegedly built from scratch, Vect launched version 2.0 of its ransomware lockers in February 2026 after its rise to fame. Written in C++, the lockers support Windows and Linux hosts as well as VMware ESXi hypervisors. The group claims to have built all three lockers from scratch.
“Additionally, a forum post mentions that dedicated ‘cloud Lockers,’ likely targeting various cloud storage services, will be made available for affiliates that will prove their skills through a quiz or puzzle challenge in the near future,” the Check Point researchers indicated.
After obtaining the Vect ransomware builder via BreachForums, the research team analyzed the three payloads, for Windows, Linux and ESXi.
They found that all…
