Find notable cyber news and cases, enriched with sources, timelines, and signals.

Vect ransomware activity with cross-platform encryption and double extortion

Malware Activity
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

Security researchers say Vect is a new ransomware-as-a-service (RaaS) operation that has already claimed victims in Brazil and South Africa. Its malware targets Windows, Linux and VMware ESXi, uses ChaCha20-Poly1305 with intermittent encryption, and runs in Safe Mode to suppress security tools. The group is also using a double extortion model and recruiting affiliates, suggesting it is preparing for broader expansion.

Related Happenings

Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance

Threat Actor Meta
H score67 First: 03.07.2026 14:30 Last: 03.07.2026 14:30 Sources 1

About this happening: **Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...

Vect 2.0 ransomware wiper-flaw activity

Malware Activity
H score31 First: 29.04.2026 18:23 Last: 29.04.2026 18:23 Sources 1

About this happening: The **Vect 2.0** ransomware variant now **permanently destroys large files** instead of encrypting them, which can leave defenders without a recoverable copy. The flaw affects ver...

Vect ransomware flawed ChaCha20 implementation destroys large files

Technical Analysis
H score4 First: 29.04.2026 13:45 Last: 29.04.2026 13:45 Sources 1

About this happening: **Vect 2.0 ransomware** was shown to use **raw ChaCha20-IETF (RFC 8439)** without authentication, causing files above **128 KB** to be permanently destroyed across **Windows, Linu...

Vidar infostealer market rise and distribution expansion

Malware Activity
H score30 First: 28.04.2026 22:07 Last: 28.04.2026 22:07 Sources 1

About this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...

VECT 2.0 ransomware-branded file destruction malware

Malware Activity
H score4 First: 28.04.2026 17:01 Last: 28.04.2026 17:01 Sources 1

About this happening: The **VECT 2.0** malware now behaves like a **wiper** rather than recoverable ransomware, permanently destroying large files and raising the stakes for victims. The destructive fl...

Timeline

  1. 03.02.2026 16:00 2 articles · 5mo ago

    Vect RaaS disclosed with cross-platform ransomware and double extortion

    Initial Disclosure

    Vect is described as a new ransomware-as-a-service operation that began recruiting affiliates in December 2025, had already claimed victims in Brazil and South Africa, and used custom C++ ransomware targeting Windows, Linux and VMware ESXi with ChaCha20-Poly1305, intermittent encryption, Safe Mode execution to suppress security tools, and a double extortion model backed by TOR, Monero, and TOX-based affiliate communications.

    Show sources