Overview
- Check Point Research, which published its analysis Tuesday, says a cross‑platform bug in VECT 2.0 irreversibly destroys files larger than about 128 KB on Windows, Linux, and ESXi.
- The malware splits big files into four chunks but stores only the final 12‑byte nonce, leaving the first three quarters impossible to decrypt for victims or attackers.
- Contrary to its marketing, the locker uses raw ChaCha20‑IETF without the Poly1305 integrity check, removing any protection that would verify or help recover altered data.
- VECT operates as a ransomware‑as‑a‑service with affiliate access via BreachForums and a partnership with TeamPCP to weaponize recent Trivy, LiteLLM, KICS, and Telnyx supply‑chain compromises.
- Check Point advises organizations not to pay and instead to restore from offline backups, isolate infected systems, rotate credentials after suspected supply‑chain exposure, and monitor for a patched variant. The leak site lists few confirmed victims so far.