Vect CTI Report
ID: 76107829-1fa9-40b7-97f1-d524e547433a
STIX ID: report--76107829-1fa9-40b7-97f1-d524e547433a
Threat Score: 78/100
RansomLook's reverse-engineering analysis of VECT 2.0 (Windows x64) describes a sophisticated Active Directory-targeting ransomware with ten PowerShell lateral primitives, Safe Mode persistence, backup/service disruption, and enterprise-focused kill lists. However, the build contains a hardcoded ChaCha20 key and a lost-nonce bug that makes files >128 KiB permanently unrecoverable. No exfiltration code was found, and small files remain decryptable with the extracted key.
