A critical flaw in the VECT 2.0 ransomware's encryption implementation irreversibly destroys files over 131KB on Windows, Linux, and ESXi systems instead of encrypting them [1]. This defect effectively turns VECT 2.0 into a wiper, making recovery impossible even if the victim pays the ransom. The malware's locker permanently destroys large files, leaving no chance of retrieval. This behavior is unusual for ransomware, which typically aims to extort money from victims by encrypting their files and offering a decryption key in exchange for payment. The VECT 2.0 operation's flawed implementation has significant implications for victims, as it destroys valuable data beyond recovery. This highlights the importance of robust backups and disaster recovery plans to mitigate the impact of such attacks. The destruction of large files by VECT 2.0 matters to practitioners because it underscores the need for proactive measures to prevent data loss, regardless of the attacker's intentions.
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Why This Matters
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than ransomware due to a critical flaw in its encryption implementation.
References
- The Hacker News. (2026, April 28). VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi. *The Hacker News*. https://thehackernews.com/2026/04/vect-20-ransomware-irreversibly.html