
VECT: Ransomware by design, Wiper by accident

Published 28/04/2026 18:34 · Modified 29/04/2026 07:14


Essential information

Published: 28/04/2026 18:34
Modified: 29/04/2026 07:14
Source / Author: AlienVault
Confidence: 100/100
Report type(s): threat-report
Labels / Tags: chacha20 encryption flaw esxi lateral movement multi-platform raas teampcp vect wiper
Tags: 2026-04-28 chacha20 encryption flaw esxi lateral movement multi-platform raas teampcp vect wiper
Related entities: 8 indicators, 8 observables, 1 intrusion set (APT), 21 techniques (MITRE), 1 malware, 1 other

Description

Check Point Research discovered critical flaws in VECT 2.0 ransomware affecting Windows, Linux, and ESXi platforms. A fundamental error in the encryption implementation causes files larger than 128 KB to be permanently destroyed rather than encrypted. The malware uses the ChaCha20-IETF cipher but saves only one of the four nonces required to decrypt large files, so recovery is impossible even after the ransom is paid. VECT's encryption speed modes are non-functional, its thread scheduling degrades performance, and its anti-analysis code is unreachable. Despite distribution partnerships with TeamPCP and BreachForums, the technical implementation shows amateur execution behind a professional facade. The nonce-handling flaw is present in all platform variants since the initial deployment, effectively turning this ransomware into a wiper for enterprise assets such as VM disks, databases, and backups.

External references