Dark Web Profile: Vect Ransomware

This report profiles the Vect ransomware RaaS operation that debuted Dec 31, 2025, detailing its low-barrier affiliate program (Monero entry fee, builder for Windows/Linux/ESXi), mass recruitment via BreachForums, partnership with TeamPCP supplying credentials from multiple March 2026 supply-chain compromises, 25 documented global victims across industries, and a technical analysis showing a broken ChaCha20 implementation that renders most encrypted data unrecoverable and makes intrusions operationally equivalent to a wiper; the report concludes with detection, mitigation, and recovery recommendations.