Don't pay Vect a ransom - your data's likely already wiped out
Organizations targeted by the Vect ransomware, linked to recent supply-chain attacks on tools like Trivy and LiteLLM, may have little chance of data recovery even if they pay the ransom. Check Point Research found that Vect's ransomware acts more like a data wiper due to a critical flaw that permanently destroys files over 128 KB. The malware's poor coding and design flaws prevent effective decryption, making recovery impossible for both victims and attackers. Claims of high-profile victims like Guesty and S&P Global remain unverified.
- Vect ransomware permanently deletes files larger than 128 KB instead of encrypting them, making full data recovery impossible.
- Check Point Research attributes the flaw to improper handling of decryption nonces in Vect's encryption process.
- Vect is partnered with the hacking group TeamPCP and operates via BreachForums, offering ransomware-as-a-service to users.
- The ransomware affects Windows, Linux, and ESXi systems but suffers from amateurish coding and multiple technical flaws.
- Despite listing several organizations on its leak site, it's unclear how many were compromised via Trivy and LiteLLM supply-chain attacks.
Opening excerpt (first ~120 words)
'Full recovery is impossible for anyone, including the attacker'
Jessica Lyons, Tue 28 Apr 2026 // 18:36 UTC
Organizations hit by the wave of Trivy and LiteLLM supply-chain compromises that paid Vect in hopes of recovering their data likely did not get much back, according to Check Point Research. Vect's leak site lists 25 organizations since January, and four since March, which is when the extortions from the supply chain attacks began. It's unclear, however, how many - if any - of the listed orgs are tied to Trivy and LiteLLM-related compromises.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at The Register.