Don't pay Vect a ransom - your data's likely already wiped out
Summary
Organizations that paid the threat actor Vect for data recovery after supply-chain attacks involving Trivy and LiteLLM likely received little to nothing back. The ransomware used by Vect is actually a wiper that destroys any file larger than 128 KB, making full recovery impossible for both the victim and the attacker.
IFF Assessment
The threat actor's actions involve data destruction rather than encryption. This is worse for defenders because it eliminates the possibility of recovery, even by paying the ransom.
Defender Context
This incident highlights the evolving tactics of threat actors, who are moving from pure encryption to data destruction, which has a significantly higher impact on victims. Defenders should focus on robust backup and recovery strategies and, when dealing with sophisticated wiper attacks, assume that data loss is a possibility even if ransoms are paid.