Inside Vect Ransomware-as-a-Service
Essential information
- Published
- 30/04/2026 23:40
- Modified
- 04/05/2026 14:30
- Tags
- 2026-04-30 breachforums ransomware-as-a-service supply chain attacks teampcp vect
- Related entities
- 2 observables, 1 intrusion sets (apt), 19 techniques (mitre), 2 malware, 3 others
Description
Vect ransomware emerged in January 2026 as a new threat actor operating a Ransomware-as-a-Service program with strategic partnerships that significantly expand its reach. The group has partnered with TeamPCP, known for supply chain attacks compromising security tools like Trivy, KICS, and LiteLLM, and BreachForums, distributing affiliate keys to forum members. With 25 published victims primarily targeting the United States and Technology sector, Vect maintains an open affiliate program requiring only a $250 invite code. The operation offers multi-platform ransomware payloads for Windows, Linux, and ESXi with sophisticated lateral movement capabilities and tiered commission structures reaching 89% for top affiliates. Analysis reveals connections to the defunct Devman ransomware through shared code strings and ransom note similarities, suggesting possible rebranding or code reuse.