VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

Summary

The VECT 2.0 operation has been identified as a destructive wiper rather than traditional ransomware: a critical flaw in its encryption process irreversibly destroys files larger than 131KB on Windows, Linux, and ESXi systems, so recovery is impossible even for the attackers themselves.

IFF Assessment

FOE

This is bad news for defenders as the malware's destructive nature makes recovery efforts futile, even if the attackers are apprehended.

Defender Context

This discovery highlights the evolving tactics of threat actors, who are increasingly employing destructive wipers that go beyond traditional data exfiltration and encryption. Defenders should be aware of wiper-like behaviors and implement robust, offline backups and incident response plans that account for the possibility of complete data destruction.
