vect

Firma de detección defensiva para este grupo (úsala en tu EDR/SIEM). Fuente: ransomware.live.

/*
vect ransomware
*/

rule vect_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.vect"
        description = "Detects vect ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70

    strings:
        $name1 = "vect" ascii nocase
        $name2 = "VECT" ascii
        $onion  = "vect.onion" ascii nocase

    condition:
        any of them
}

!!! README !!!
===============================================================
 :::     ::: :::::::::: :::::::: :::::::::::
 :+:     :+: :+:       :+:    :+:    :+:
 +:+     +:+ +:+       +:+           +:+
 +#+     +:+ +#++:++#  +#+           +#+
  +#+   +#+  +#+       +#+           +#+
   #+#+#+#   #+#       #+#    #+#    #+#
     ###     ########## ########     ###
===============================================================
Dear Management, all of your files have been encrypted with ChaCha20 which is an unbreakable encryption algorithm.
Sadly, this is not the only bad news for you. We have also exfiltrated your sensitive data, consisting mostly of databases, backups and other personal information
from your company and will be published on our website if you do not cooperate with us.
The only way to recover your files is to get the decryption tool from us.
To obtain the decryption tool, you need to:
1. Open Tor Browser and visit: [redactado]
2. Follow the instructions on the chat page
3. Receive a sample decryption of up to 4 small files
4. We will provide payment instructions
5. After payment, you will receive decryption tool
WARNING:
- Do not modify encrypted files
- Do not use third party software to restore files
- Do not reinstall system
If you violate these rules, your files will be permanently damaged.
Files encrypted: 0
Total size: 0 bytes
Unique ID: [snip]
Backup contact ([redactado] [redactado]

• https://www.ransomware.live/group/vect