VECT 2.0 ransomware acts as a wiper, destroying files over 131KB across Windows, Linux, and ESXi, making recovery impossible.
A newly identified ransomware strain known as VECT 2.0 is raising alarm among cybersecurity experts after researchers found it permanently destroys files, making recovery impossible even if victims pay.
According to a report published on April 28, 2026, by Check Point Research, the malware behaves more like a data wiper than traditional ransomware due to a critical flaw in its encryption process.
The VECT 2.0 operation targets systems running Windows, Linux, and ESXi, but instead of securely encrypting files for later decryption, it irreversibly corrupts data especially files larger than 131KB. Researchers warn that this size threshold includes most enterprise-critical files, effectively rendering systems unrecoverable.
Security analysts say the flaw means attackers themselves cannot restore the data, eliminating any realistic chance of recovery. “Paying is not a recovery strategy,” experts noted, emphasizing that no working decryption tool can exist because the necessary data is destroyed during the attack.
The ransomware is part of a broader Ransomware-as-a-Service (RaaS) ecosystem that first emerged in late 2025 and has since gained traction among cybercriminal affiliates.
The discovery highlights a growing shift in cybercrime tactics, where some ransomware campaigns blur the line with destructive malware, increasing risks for organizations that rely on ransom payments as a last resort.
Related articles :
- Prolific bulletproof hosting service sanctioned by the UK and allies
- Lazarus Group Uses Medusa Ransomware in Healthcare Attack
- FBI Seizes Major Ransomware Forum RAMP
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
