VECT Ransomware is a Wiper, Not Ransomware — Don’t Bother Paying, Says Check Point Research reports that researchers examined all three versions of VECT and found a flaw that causes the malware to discard the information needed to reverse encryption, meaning there is no decryptor available.
It states that when VECT encrypts large files, it permanently discards the data required to reverse the process, so the attacker cannot provide a working decryptor not because they are unwilling, but because the means to decrypt no longer exists anywhere. The piece notes that this affects files ransomware groups typically rely on—virtual machine images, databases, backups, and archives—and that for these file types, VECT is not ransomware but a data wiper with a ransom note attached.
According to Check Point Research, the flaw exists across all three versions (Windows, Linux, and VMware ESXi) and has been present in every known version, including samples predating the public 2.0 release, and it has never been fixed. DataBreaches[.]net summarises the findings and references the Check Point blog post and full report for readers seeking more detail.