VECT: Ransomware by design, Wiper by accident
VECT is a Ransomware-as-a-Service (RaaS) that first appeared in December 2025 on a Russian-language cybercrime forum. It has claimed at least two victims as of January 2026 and is notable for its partnership with TeamPCP, an actor known for supply-chain attacks. The ransomware is described as being designed for ransom but has exhibited behavior akin to a wiper, potentially causing data destruction unintentionally. There is no indication of known exploits in the wild beyond the initial victims. No patches or official remediations are documented at this time.
AI Analysis
Technical Summary
VECT ransomware operates as a RaaS platform, enabling affiliates to deploy ransomware attacks. It emerged publicly in late 2025 and has been linked to a partnership with TeamPCP, a threat actor involved in supply-chain compromises. While intended to encrypt data for ransom, VECT has characteristics of wiper malware, meaning it may accidentally and irreversibly destroy data. The threat currently lacks detailed technical mitigations or patches, and no cloud service involvement is indicated.
Potential Impact
The impact includes potential data encryption and ransom demands, with an additional risk of unintended data destruction due to wiper-like behavior. This could lead to significant data loss for affected organizations. However, the threat is currently assessed as medium severity, with limited known exploitation and no widespread incidents reported.
Mitigation Recommendations
No official patches or vendor advisories are available for VECT ransomware. Organizations should monitor threat intelligence sources for updates. Given the ransomware's nature, standard ransomware defenses such as maintaining reliable backups, network segmentation, and endpoint protection are prudent. No specific mitigations are documented in the source material.
Technical Details
- Article Source: https://research.checkpoint.com/2026/vect-ransomware-by-design-wiper-by-accident/ (fetched 2026-04-29T11:54:28.985Z, word count 5028)
Threat ID: 69f1f175cbff5d861004d351
Added to database: 4/29/2026, 11:54:29 AM
Last enriched: 4/29/2026, 11:54:35 AM
Last updated: 4/29/2026, 2:01:26 PM