
"VECT is being marketed as ransomware, but for any file over 131KB - which is most of what enterprises actually care about - it functions as a data destruction tool," Eli Smadja, group manager at Check Point Research, said in a statement shared with The Hacker News.
"CISOs need to understand that in a VECT incident, paying is not a recovery strategy. There is no decrypter that can be handed over, not because the attackers are unwilling, but because the information required to build one was destroyed the moment their software ran."
"VECT (now rebranded as VECT 2.0) is a ransomware-as-a-service (RaaS) scheme that first launched its affiliate program in December 2025. On its dark website, the group displays the message 'Exfiltration / Encryption / Extortion,' highlighting its triple-threat business model."
VECT 2.0 operates more like a wiper than ransomware: a flaw in its encryption destroys large files instead of encrypting them. Victims cannot recover data even if they pay the ransom, as decryption keys are discarded during the process. Although the operation is marketed as ransomware, it functions primarily as a data destruction tool for files over 131KB. Organizations must focus on resilience and recovery strategies rather than negotiation with attackers, because paying does not make recovery possible in a VECT incident.
Read at The Hacker News