Organizations that paid the Vect ransom in response to the recent Trivy and LiteLLM supply-chain compromises are unlikely to have recovered their data, because the malware used by the attackers is actually a wiper that destroys files larger than 128KB. Full recovery is therefore impossible, even for the attackers themselves. The malware is not true ransomware: it permanently deletes files, making it a destructive tool rather than a means of extortion. Check Point Research has analyzed the malware and found that it is designed to wipe out data rather than hold it for ransom. This finding highlights the futility of paying ransoms to Vect, as the data is likely already gone [1]. Practitioners should therefore focus on preventing these types of attacks rather than relying on paying ransoms, as the damage is often already done.
Don't pay Vect a ransom - your data's likely already wiped out
⚡ High Priority
Why This Matters
That's because the ransomware Vect uses isn't actually ransomware at all, but a wiper that destroys any file larger than 128KB.…
References
- The Register. (2026, April 28). Don't pay Vect a ransom - your data's likely already wiped out. *The Register*. https://go.theregister.com/feed/www.theregister.com/2026/04/28/dont_pay_vect_a_ransom/
Original Source
The Register