New Vect RaaS Group Targets Organizations in Brazil and South Africa

1 unique source, 1 article

Summary

A new ransomware-as-a-service (RaaS) group named Vect has emerged, targeting organizations in Brazil and South Africa. The group, which began recruiting affiliates in December 2025, uses custom-built C++ malware with ChaCha20-Poly1305 AEAD encryption and intermittent encryption techniques. Vect operates with a high level of maturity, offering cross-platform ransomware targeting Windows, Linux, and VMware ESXi, and employs strong operational security measures. The group has already claimed two victims and operates a double extortion model. Vect's malware is notable for its speed and disruption capabilities, and the group's infrastructure is exclusively hosted on Tor hidden services. Initial access is likely achieved through exposed RDP/VPN, stolen credentials, phishing, or vulnerability exploitation.

Timeline

  1. 03.02.2026 16:00 · 1 article

    Vect RaaS Group Emerges with Custom Malware and Advanced Encryption

    A new ransomware-as-a-service (RaaS) group named Vect has been identified, targeting organizations in Brazil and South Africa. The group uses custom-built C++ malware with ChaCha20-Poly1305 AEAD encryption and intermittent encryption techniques. Vect operates with a high level of maturity, offering cross-platform ransomware targeting Windows, Linux, and VMware ESXi, and employs strong operational security measures. The group has already claimed two victims and operates a double extortion model.

Information Snippets

  • Vect RaaS group began recruiting affiliates in December 2025.

    First reported: 03.02.2026 16:00
    1 source, 1 article
  • Vect uses custom-built C++ malware with ChaCha20-Poly1305 AEAD encryption.

    First reported: 03.02.2026 16:00
    1 source, 1 article
  • The group employs intermittent encryption techniques for faster and more disruptive attacks.

    First reported: 03.02.2026 16:00
    1 source, 1 article
  • Vect targets Windows, Linux, and VMware ESXi platforms.

    First reported: 03.02.2026 16:00
    1 source, 1 article
  • The group operates a double extortion model, listing victims on a public leak site.

    First reported: 03.02.2026 16:00
    1 source, 1 article
  • Vect's infrastructure is exclusively hosted on Tor hidden services.

    First reported: 03.02.2026 16:00
    1 source, 1 article
  • Initial access is likely achieved through exposed RDP/VPN, stolen credentials, phishing, or vulnerability exploitation.

    First reported: 03.02.2026 16:00
    1 source, 1 article