Vect ransomware is a newly identified RaaS operation active since January 2026, leveraging partnerships to expand its reach. It offers affiliates multi-platform ransomware payloads for Windows, Linux, and ESXi environments, with advanced lateral movement techniques. The affiliate program requires a $250 invite code and provides tiered commissions up to 89%. Vect is linked to supply chain compromises of security tools by TeamPCP and distributes affiliate keys via BreachForums. Analysis shows code and ransom note similarities to the defunct Devman ransomware, suggesting reuse or rebranding of code. The ransomware targets primarily U.S.-based technology sector victims, with 25 victims publicly disclosed. There is no vendor patch or remediation since this is a malware threat, not a software vulnerability.

Vect ransomware can encrypt systems across multiple platforms (Windows, Linux, ESXi), potentially causing significant operational disruption and data loss for affected organizations. Its sophisticated lateral movement capabilities increase the risk of widespread network compromise. The open affiliate model and partnerships with other threat actors enhance its distribution and infection scale. The primary impact is ransomware infection leading to data encryption and extortion demands. The threat is currently observed mainly targeting U.S. technology sector organizations.

As this is a ransomware malware threat without a software vulnerability, no official patch or fix exists. Organizations should rely on established ransomware defense best practices relevant to multi-platform environments, including robust backups, network segmentation, and endpoint protection. Monitoring for indicators of compromise such as the provided file hashes can aid detection. There is no vendor advisory indicating 'no action required' or official remediation. Patch status is not applicable. Check trusted threat intelligence sources for updates on detection and mitigation strategies.