'VECT is being marketed as ransomware...but it functions as a data destruction tool': Experts warn this "broken" ransomware is now acting as a data wiper, so protect your files now

New ransomware variant destroys everything bigger than 128kb

News By Sead Fadilpašić published 29 April 2026

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter

• A new ransomware variant was found to function as a destructive data wiper
• Flawed nonce handling causes files larger than 128 KB to be permanently lost
• Despite being marketed as RaaS, victims cannot recover data even if they pay

VECT 2.0, a relatively new ransomware variant that’s being offered for sale on dark web forums, is actually broken and works as a data wiper instead of an encryptor, researchers are warning.

In a new in-depth report, cybersecurity outfit Check Point explained that the problem is in the way VECT 2.0 handles “nonces” - random values needed to correctly encrypt, and later decrypt the data. Apparently, the malware splits large files into chunks, but instead of using new memory space for each nonce, it reuses the same, thus overwriting the previous one.

In other words, it loses the “keys” for most parts of the file as it goes along. Only the last part of the file can be recovered, while the rest is permanently destroyed. So even if the victims decide to pay the ransom demand, they still won’t be able to recover their files, nor would the threat actors be able to help with that even if they wanted to.

Article continues below

Teaming up with TeamPCP

To make matters worse, what the encryptor considers a “large file” is also wrong. Check Point says that everything above 128kb, which is laughably small by today’s standards, will end up being wiped.

“At a threshold of only 128 KB, smaller than a typical email attachment or office document, what the code classifies as a large file encompasses not just VM disks, databases, and backups, but routine documents, spreadsheets, and mailboxes. In practice, almost nothing a victim would care to recover falls below this boundary,” Check Point warned.

VECT has reportedly been advertising itself on dark web forums lately, offering a Ransomware-as-a-Service model and inviting affiliates and teaming up with TeamPCP, a relatively young threat actor that has already made a name for itself with successful attacks against Trivy, LiteLLM, Telnyx, and the European Commission.

The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors