VECT Ransomware Destroys Files Instead of Encrypting

VECT 2.0 ransomware has a fatal cryptographic bug that destroys files larger than 128 KB instead of encrypting them. Even the attackers can't recover the data. Check Point Research published the breakdown on April 28th. VECT generates four random nonces per file but a coding error overwrites the same memory buffer four times, leaving only the last nonce on disk. The first three are gone forever, making three quarters of every large file unrecoverable, even by the operators themselves. Check Point's read is incompetence, not sabotage. Their hypothesis is parts of the code were AI-generated or copy-pasted from an older project nobody understood. Despite the bug, VECT is actively scaling. On April 16th they announced a BreachForums partnership opening affiliate status to the forum's 300,000+ registered users, and they've partnered with TeamPCP, the group behind recent supply-chain attacks on Trivy and LiteLLM. Their leak site already names victims, including the vacation-rental platform Guesty for 700 GB of data. Sources: https://research.checkpoint.com/2026/vect-ransomware-by-design-wiper-by-accident/ https://thehackernews.com/2026/04/vect-20-ransomware-irreversibly.html https://www.bleepingcomputer.com/news/security/broken-vect-20-ransomware-acts-as-a-data-wiper-for-large-files/ https://www.theregister.com/2026/04/28/dont_pay_vect_a_ransom/ https://www.tomshardware.com/tech-industry/cyber-security/ransomware-accidentally-destroys-all-files-larger-than-128kb-preventing-decryption-vect-code-likely-partly-vibe-coded-with-ai-or-used-an-old-code-base-security-researchers-suggest More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday. #cybersecurity #ransomware #infosec