
VECT 2.0 ransomware nukes files over 131KB across Windows, Linux, and ESXi

· via The Hacker News

Original source

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi


A new ransomware strain dubbed VECT 2.0 has surfaced with cross-platform builds targeting Windows, Linux, and VMware ESXi hosts. Unlike conventional ransomware that encrypts data for ransom recovery, VECT 2.0 irreversibly destroys any file larger than 131KB, making payment-based recovery impossible for affected systems.

The ESXi variant is particularly damaging in virtualized environments, where a single compromised hypervisor can wipe out dozens of guest VMs in one pass. The 131KB threshold appears designed to maximize destruction of meaningful business data (documents, databases, VM disk images) while leaving small system files intact, so that the host keeps running long enough to spread.

The wiper-disguised-as-ransomware pattern signals destructive intent rather than financial motive, echoing prior pseudo-ransomware campaigns where the ransom note is cover for sabotage. Defenders should prioritize offline backups, ESXi hardening, and lateral movement detection, since once VECT 2.0 executes there is no decryption path back.


This is an AI-generated summary. Read the original for the full story.