Researchers warn that VECT 2.0 ransomware mishandles encryption nonces when it encrypts large files in chunks: each chunk's nonce overwrites the previous one, so only the final chunk's nonce is saved. Because the lost nonces are neither stored nor transmitted, most large files (including VM disks, databases, and backups above 128 KB) are effectively destroyed. The operators have promoted VECT on BreachForums and announced a partnership with TeamPCP to exploit supply-chain compromises. #VECT2.0 #TeamPCP
Key points
- VECT 2.0 reuses the same memory buffer for nonce output, causing each chunk’s nonce to be overwritten.
- Only the last 25% of a large file remains recoverable because only the final nonce is retained.
- Lost nonces are not transmitted to attackers, so even ransom payments cannot restore affected files.
- The nonce-handling flaw exists across Windows, Linux, and ESXi variants, making it destructive for enterprise systems.
- Operators advertised VECT on BreachForums and announced a partnership with TeamPCP to target supply-chain compromises.
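The nonce-handling flaw in the key points can be modelled in memory to show why holding the key does not help. This is an added illustration, not VECT code or the researchers' code. It assumes four equal chunks (inferred from the 25% figure), a 12-byte nonce, and a toy SHA-256 keystream standing in for the real cipher.

```python
import hashlib
import os

CHUNKS = 4       # assumption: four equal chunks, inferred from the "last 25%" figure
NONCE_LEN = 12   # assumption: the nonce size is not given on the page


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for the real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def chunk_bounds(total: int):
    """Yield (start, end) for each chunk; the last chunk takes any remainder."""
    size = total // CHUNKS
    for i in range(CHUNKS):
        yield i * size, total if i == CHUNKS - 1 else (i + 1) * size


def encrypt_flawed(key: bytes, plaintext: bytes):
    """Model of the flaw: a fresh nonce per chunk, all written to one buffer."""
    nonce_buf = bytearray(NONCE_LEN)
    ciphertext = bytearray()
    for start, end in chunk_bounds(len(plaintext)):
        nonce_buf[:] = os.urandom(NONCE_LEN)  # overwrites the previous chunk's nonce
        ciphertext += keystream_xor(key, bytes(nonce_buf), plaintext[start:end])
    return bytes(ciphertext), bytes(nonce_buf)  # only the final nonce is kept


def chunks_recoverable(key: bytes, ciphertext: bytes, saved_nonce: bytes, original: bytes):
    """Decrypt each chunk with the single saved nonce; True where it matches."""
    return [
        keystream_xor(key, saved_nonce, ciphertext[s:e]) == original[s:e]
        for s, e in chunk_bounds(len(ciphertext))
    ]


def demo():
    key = os.urandom(32)
    original = os.urandom(256 * 1024)  # constructed sample, above the 128 KB threshold
    ciphertext, saved_nonce = encrypt_flawed(key, original)
    return chunks_recoverable(key, ciphertext, saved_nonce, original)


if __name__ == "__main__":
    print(demo())
```

Even with the correct key, only the final chunk decrypts, which is why incident responders should plan recovery of large files from backups rather than from a decryptor.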