Inside Vect Ransomware-as-a-Service
ID: 32c7d622-5672-51fa-8886-d76922caa606
STIX ID: report--32c7d622-5672-51fa-8886-d76922caa606
Feed Name: LevelBlue SpiderLabs Blog
Vect is an emerging, multi-platform RaaS active since January 2026 that leverages partnerships with TeamPCP and BreachForums to rapidly expand its affiliate base. It provides Windows, Linux and ESXi payload builders, implements robust lateral movement (RDP, SMB, WinRM, PsExec, Scheduled Tasks), uses ChaCha20 encryption and VM termination for maximum impact, and includes geo-fencing to exclude CIS/post-Soviet regions. Vect has publicly posted victims and file-hash IOCs, indicating an active, high-risk criminal campaign.
