This New Ransomware Is So Broken It Permanently Destroys Your Files Instead of Encrypting Them

Ransomware attacks have grown in complexity and frequency over the past decade, but as horrible as an attack can be, malicious actors often honor the ransom and decrypt files after receiving payment. With the rise of VECT 2.0 ransomware, however, engineers at Check Point Research have found that the malware encrypts data improperly, and it cannot actually be decrypted afterward, effectively destroying the data. This means that if you or your business fall victim to VECT 2.0 ransomware, the data will be lost forever even if you pony up the ransom, unless you had a secure backup, of course.


While data loss or theft due to ransomware attacks is commonly an expected outcome whether or not the ransom is paid, it's unusual for the ransomware to be so poorly-coded that the criminals are incapable of decrypting captured data. Despite the recent partnership between the VECT developers and the dark web BreachForums, Check Point Research has proven this to be the case via a thorough analysis of VECT's code.

Check Point Research acquired the malware's code through its own Breach Forums account. By examining versions targeting Windows, Linux, and VMWare EXSI, Check Point confirms that the ransomware's fundamental bugs are cross-platform due to a shared encryption engine. VECT's own initial announcement of the malware even misattributes the encryption technology used, and a promised data exfiltration feature has yet to be offered, likely because the data simply can't be exfiltrated at this time.

As always, we strongly recommend employing commonly accepted security best practices if you work for or manage an organization with lots of sensitive data. In case an attack still gets through, be sure to have regular, secured backups on top of that to ensure that attacks like these don't result in unrecoverable losses, or worse.

Image Credit: Check Point Research