The latest Vect 2.0 ransomware variant acts as a wiper due to a design error, destroying large files instead of encrypting them and undermining the possibility of recovering data even if a decryptor is paid for. According to Check Point Software, the flaw is consistent across Windows, Linux and VMware ESXi versions and makes the ransomware effectively a data wiper for enterprises’ files, including VM disks, databases, documents and backups, once files are 128 KB (131,072 bytes) or larger.
The report explains that the encryption process uses four new nonces per large file but only the final nonce is stored on disk, meaning the first three nonces are discarded and cannot be used to decrypt the chunks. Check Point notes other incomplete implementation issues, such as encryption modes that are parsed but never applied and obfuscation routines that cancel themselves out.
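To illustrate why holding the key is not enough once the nonces are lost, the following added example (not code from Check Point's report or from the malware) models the nonce handling described above. The SHA-256 counter-mode keystream, the 12-byte nonces, the equal-sized chunk layout and all function names are assumptions chosen for illustration.

```python
import hashlib
import os

THRESHOLD = 131_072  # 128 KB: size at which the report says files are destroyed
CHUNKS = 4           # one nonce per chunk; equal-sized chunks are an assumption


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), not Vect's cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


def chunk_bounds(length: int) -> list[tuple[int, int]]:
    """Split [0, length) into CHUNKS ranges; the last one takes any remainder."""
    size = length // CHUNKS
    return [(i * size, length if i == CHUNKS - 1 else (i + 1) * size)
            for i in range(CHUNKS)]


def model_flawed_encrypt(key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Model of the reported flaw: a new nonce per chunk, only the last kept."""
    body, nonce = b"", b""
    for start, end in chunk_bounds(len(plaintext)):
        nonce = os.urandom(12)          # overwrites the previous chunk's nonce
        body += keystream_xor(key, nonce, plaintext[start:end])
    return body, nonce                  # the first three nonces are gone


def recoverable_chunks(key: bytes, stored_nonce: bytes,
                       ciphertext: bytes, original: bytes) -> list[bool]:
    """For each chunk, does the key plus the stored nonce restore the original?"""
    return [keystream_xor(key, stored_nonce, ciphertext[s:e]) == original[s:e]
            for s, e in chunk_bounds(len(original))]


if __name__ == "__main__":
    key = os.urandom(32)                # stands in for the key a decryptor holds
    data = os.urandom(THRESHOLD)        # constructed sample file at the threshold
    ct, nonce = model_flawed_encrypt(key, data)
    print(recoverable_chunks(key, nonce, ct, data))
```

Under these assumptions, only the chunk encrypted with the stored nonce can be restored, even with the correct key.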
The findings come as Vect ransoms were previously tied to a partnership with TeamPCP, with researchers warning that the wiper flaw could impede ransom payments and recovery prospects for victims.

29 April 2026