- New ransomware variant found to work as destructive data eraser
- Faulty nonce management results in permanent loss of files larger than 128 KB
- Although it is marketed as RaaS, victims cannot recover their data even if they pay
VECT 2.0, a relatively new ransomware variant offered for sale on dark web forums, is actually broken and functions as a data eraser instead of an encrypter, researchers warn.
In an in-depth new report, cybersecurity firm Check Point explained that the problem lies in how VECT 2.0 handles “nonces” – the random values needed to properly encrypt and then decrypt data. Apparently, the malware splits large files into pieces, but instead of using new memory space for each occasional case, it reuses it, thereby overwriting the previous one.
In other words, it loses the “keys” to most parts of the file as it progresses. Only the last part of the file can be recovered, while the rest is permanently destroyed. So even if victims decide to pay the demanded ransom, they still won’t be able to recover their files, nor will malicious actors be able to help them even if they wanted to.
Article continues below
Team up with TeamPCP
To make matters worse, what the encryptor considers a “large file” is also false. Check Point claims that anything larger than 128 KB, which is ridiculously small by today’s standards, will eventually be erased.
“With a threshold of just 128 KB, smaller than a typical email attachment or office document, what the code classifies as a large file includes not only VM disks, databases, and backups, but also routine documents, spreadsheets, and mailboxes. In practice, almost nothing a victim would want to recover falls below this limit,” Check Point warned.
VECT reportedly recently advertised on Dark Web forums, offering a Ransomware-as-a-Service model, inviting affiliates and partnering with TeamPCP, a relatively young threat actor that has already made a name for itself with successful attacks against Trivy, LiteLLM, Telnyx and the European Commission.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
