VECT 2.0 Ransomware Is Actually a Data Wiper Due to Encryption Bug, Check Point Research Finds
Tags Security · Research · Enterprise
Check Point Research · BleepingComputer

Check Point Research discovered that VECT 2.0 ransomware contains a critical encryption flaw that makes it a de facto data wiper. For files larger than 128 KB, the malware appends only the final nonce to disk and silently discards the first three, so 3 of the 4 nonces required for decryption are permanently lost. Recovery is impossible even after ransom payment. The flaw affects all three platform variants (Windows, Linux, ESXi) and was present across all publicly available versions. Virtually all enterprise-critical files (databases, VM disks, documents, backups) exceed the 128 KB threshold. Check Point researchers analyzed the malware after gaining access to Vect's affiliate panel on BreachForums.
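An in-memory model of the nonce handling described above, added here as an illustration and not taken from the malware or from Check Point's report: it shows why holding the correct key still leaves three of four chunks undecryptable. The SHA-256 counter-mode keystream, the 12-byte nonce, the four equal chunks and the single-nonce path for small files are assumptions; only the 128 KB threshold and the "final nonce only" behaviour come from the text.

```python
import hashlib
import os

THRESHOLD = 128 * 1024  # the report's 128 KB cut-off, taken here as 131072 bytes
NONCE_LEN = 12          # assumed nonce length for this model


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for the real one."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def split(data: bytes, parts: int) -> list:
    size = -(-len(data) // parts)  # ceiling division
    return [data[i * size:(i + 1) * size] for i in range(parts)]


def flawed_write(key: bytes, plaintext: bytes) -> bytes:
    """Model of the flaw: one fresh nonce per chunk, only the last one is stored."""
    parts = 4 if len(plaintext) > THRESHOLD else 1  # assumption: small files use one nonce
    body, nonce = b"", b""
    for chunk in split(plaintext, parts):
        nonce = os.urandom(NONCE_LEN)  # each earlier nonce is overwritten here
        body += xor_stream(key, nonce, chunk)
    return body + nonce                # trailer holds the final nonce only


def recoverable_chunks(key: bytes, blob: bytes, original: bytes) -> list:
    """With the correct key in hand, which chunks does the stored nonce decrypt?"""
    body, nonce = blob[:-NONCE_LEN], blob[-NONCE_LEN:]
    parts = 4 if len(body) > THRESHOLD else 1
    return [xor_stream(key, nonce, c) == p
            for c, p in zip(split(body, parts), split(original, parts))]


if __name__ == "__main__":
    key = os.urandom(32)  # constructed key: the "ransom was paid" best case
    for size in (64 * 1024, 256 * 1024):  # constructed sample sizes
        data = os.urandom(size)
        print(size, recoverable_chunks(key, flawed_write(key, data), data))
```

For incident response, the practical consequence is that restoration planning for files above the threshold has to rely on backups, since no decryptor can supply nonces that were never written.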