VECT 2.0 Ransomware Acts as a Data Wiper for Large Files
Security researchers have issued a warning regarding the VECT 2.0 ransomware, highlighting a critical flaw in its encryption process that results in the permanent destruction of larger files instead of encrypting them.
The VECT ransomware was recently promoted on BreachForums, where users were invited to become affiliates. Access keys were distributed through private messages to interested individuals.
Notably, the VECT operators announced a partnership with TeamPCP, the threat group behind recent supply-chain attacks affecting various organizations, including Trivy, LiteLLM, Telnyx, and even the European Commission.
The collaboration aimed to target victims of supply-chain compromises by deploying ransomware payloads in their systems and launching larger-scale attacks against other entities.
The Flawed Encryption Process
The VECT 2.0 ransomware employs a flawed encryption method that leads to the destruction of large files. Due to the way encryption nonces are handled, only the final portion of the file, approximately 25%, remains recoverable while the rest becomes irreversibly damaged.
During the encryption process, each new nonce overwrites the previous one in the same memory buffer, so the nonces needed to decrypt the earlier portions of the file are lost. As a consequence, decryption of the affected files becomes virtually impossible.
Furthermore, the lost nonces are not shared with the attackers, rendering any decryption attempts futile even if the victims choose to pay the ransom.
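To make the failure mode concrete, the following added example (not VECT's code, and not from Check Point) simulates chunked encryption where a single nonce slot is overwritten on every chunk, beside the correct per-chunk nonce storage. The chunk size, the HMAC-SHA256 counter keystream used as a stand-in cipher, the 12-byte nonce and the assumption that the one surviving nonce belongs to the last chunk are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

CHUNK = 32  # constructed chunk size; the real chunk size is not known from the article
SAMPLE_KEY = b"\x01" * 32  # constructed key
SAMPLE_DATA = bytes(range(128))  # constructed 4-chunk "file"


def keystream(key: bytes, nonce: bytes, length: bytes) -> bytes:
    """Stand-in counter-mode keystream derived from (key, nonce, counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def chunked_encrypt(key: bytes, data: bytes, single_nonce_slot: bool):
    """Encrypt chunk by chunk with a fresh nonce each time.
    single_nonce_slot=True models the bug: every new nonce overwrites the
    previous one, so only the last chunk's nonce is ever written out."""
    ct = bytearray()
    stored = []
    slot = None
    for off in range(0, len(data), CHUNK):
        chunk = data[off:off + CHUNK]
        nonce = secrets.token_bytes(12)
        ct += xor(chunk, keystream(key, nonce, len(chunk)))
        if single_nonce_slot:
            slot = nonce  # bug: earlier nonces are discarded here
        else:
            stored.append(nonce)  # correct: one nonce per chunk is kept
    return bytes(ct), ([slot] if single_nonce_slot else stored)


def chunked_decrypt(key: bytes, ct: bytes, nonces: list):
    """Return one plaintext chunk per ciphertext chunk, or None where no nonce survived."""
    n = (len(ct) + CHUNK - 1) // CHUNK
    if len(nonces) < n:  # assumption: the lone surviving nonce is the last chunk's
        nonces = [None] * (n - len(nonces)) + list(nonces)
    out = []
    for i in range(n):
        blk = ct[i * CHUNK:(i + 1) * CHUNK]
        out.append(None if nonces[i] is None else xor(blk, keystream(key, nonces[i], len(blk))))
    return out


def recoverable_fraction(chunks: list) -> float:
    return sum(c is not None for c in chunks) / len(chunks)
```

With four chunks the buggy path recovers only the final quarter of the file, which is the behaviour the researchers describe.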
[Image: VECT operators' post on BreachForums. Source: Check Point]
According to Check Point researchers, the impact of VECT as a data wiper can be catastrophic in most environments, particularly for enterprise files such as VM disks, databases, and backups, which typically exceed 128 KB in size.
The researchers emphasize that the flaw in nonce handling persists across all VECT 2.0 variants, including those targeting Windows, Linux, and ESXi systems, thereby posing a significant threat to data security.
[Image: Flawed nonce handling logic. Source: Check Point]
Although the scheme was apparently intended to speed up encryption, the VECT ransomware's faulty mechanism ultimately destroys critical data, underscoring the need for stronger defensive measures against such threats.
[Image: The VECT 2.0 ransom note. Source: Check Point]
As organizations continue to face evolving cyber threats, it is imperative to remain vigilant and implement robust security measures to safeguard sensitive data and mitigate the risks associated with ransomware attacks like VECT 2.0.