Vect Ransomware-as-a-Service Targets Windows and Linux/ESXi Systems Globally
Summary
CYFIRMA researchers identified Vect Ransomware, a new ransomware-as-a-service (RaaS) operation targeting both Windows and Linux/ESXi systems. The malware encrypts files, exfiltrates sensitive data before encryption, and demands ransom under a double-extortion model. Initial access is achieved through phishing, stolen credentials, and exposed RDP/VPN services.
Threat Analysis
Vect Ransomware is a newly identified ransomware-as-a-service (RaaS) operation built on a custom C++ codebase, capable of targeting both Windows and Linux/ESXi environments. The malware follows a triple-threat model: it exfiltrates sensitive data (databases, backups), encrypts files with a ".vect" extension, and threatens public data exposure if ransom demands are not met. Vect establishes persistence through scheduled tasks, can force systems into Safe Mode to disable security tools, and employs privilege escalation and credential dumping techniques. Lateral movement is achieved via SMB and WinRM protocols. Command and control communication uses encrypted protocols over anonymized infrastructure. Initial access vectors include phishing campaigns, stolen credentials, and exploitation of exposed remote services (RDP, VPN).

Organizations should ensure RDP and VPN services are not directly exposed to the internet, implement multi-factor authentication, maintain offline backups, and deploy endpoint detection and response (EDR) solutions capable of detecting ransomware behavior patterns.
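The behavior-pattern detection recommended above, as an added example that is not CYFIRMA's code and not taken from the malware: a sliding-window detector over constructed file-rename events that raises one alert when a single process on a host renames many files to the ".vect" extension within a short interval. The event line format, the 60 s window and the threshold of 20 renames are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

VECT_EXT = ".vect"              # extension the report attributes to Vect
WINDOW = timedelta(seconds=60)  # assumed tuning: count renames per 60 s
THRESHOLD = 20                  # assumed tuning: alert at 20 or more

# Assumed (constructed) event format: <ISO ts> host=<h> pid=<n> <old> -> <new>
LINE_RE = re.compile(r"^(\S+) host=(\S+) pid=(\d+) (.+?) -> (.+)$")

def parse_event(line):
    """Return (timestamp, host, pid, new_path), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3)), m.group(5)

def detect_mass_renames(lines, window=WINDOW, threshold=THRESHOLD):
    """One alert per (host, pid) that renames >= threshold files to .vect inside window.
    Lines are assumed to be in time order for each host."""
    recent = defaultdict(deque)  # (host, pid) -> timestamps of recent .vect renames
    alerted, alerts = set(), []
    for line in lines:
        ev = parse_event(line)
        if ev is None or not ev[3].lower().endswith(VECT_EXT):
            continue  # skip unparsable lines and renames to any other extension
        ts, host, pid, _ = ev
        key = (host, pid)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # evict timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"host": host, "pid": pid, "count": len(q), "first_seen": q[0]})
    return alerts

# Constructed sample: 25 .vect renames on srv01 within 25 s, plus 5 benign renames on srv02.
BASE = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_LINES = [
    f"{(BASE + timedelta(seconds=i)).isoformat()} host=srv01 pid=4242 "
    f"/data/db/backup{i}.bak -> /data/db/backup{i}.bak.vect" for i in range(25)
] + [
    f"{(BASE + timedelta(seconds=i)).isoformat()} host=srv02 pid=777 "
    f"/tmp/report{i}.tmp -> /tmp/report{i}.pdf" for i in range(5)
]

if __name__ == "__main__":
    for a in detect_mass_renames(SAMPLE_LINES):
        print(f"ALERT {a['host']} pid={a['pid']}: {a['count']} renames to {VECT_EXT} since {a['first_seen']}")
```

In production the threshold should be tuned against normal backup and archiving activity on each host class, since legitimate jobs also rename files in bursts.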