New Vect 2.0 RaaS Operation Targets Windows, Linux, and ESXi Systems
A new ransomware-as-a-service (RaaS) operation known as Vect 2.0 has emerged, targeting Windows, Linux, and VMware ESXi systems. This development poses a significant threat to organizations across various platforms.
Key Features of Vect 2.0:
- Multi-platform Support: Unlike many other RaaS operations that primarily target Windows systems, Vect 2.0 is designed to attack multiple operating systems, including Linux and ESXi.
- Safe Mode Boot Technique: To evade detection by security tools, Vect 2.0 forces the compromised system to restart in Safe Mode. This technique (MITRE ATT&CK T1562.009) ensures that most endpoint security solutions are inactive during encryption.
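
A detection example for the Safe Mode boot technique above, added here and not taken from the article or from any Vect 2.0 analysis: it flags the generic T1562.009 indicators (a `bcdedit` safeboot change, or a write under the `SafeBoot` registry key) in process-creation command lines and raises the severity when the same host restarts afterwards. The event tuples, host names, service name and rule names are constructed, and the article does not say which command Vect 2.0 itself uses.

```python
import re

# Constructed process-creation events (host, command line), the fields a
# Sysmon Event ID 1 or Security 4688 record would provide. Not real data.
SAMPLE_EVENTS = [
    ("ws-014", "bcdedit /enum"),
    ("ws-014", "bcdedit.exe /set {default} safeboot minimal"),
    ("ws-014", "shutdown.exe /r /t 0"),
    ("fs-02", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot'
              r'\Network\ExampleSvc" /ve /d Service'),
    ("fs-02", "bcdedit /deletevalue {current} safeboot"),  # recovery step
    ("ws-020", "shutdown /r /t 0"),  # plain reboot, no Safe Mode change
]

# Generic T1562.009 indicators (assumed rule set, not Vect 2.0 specific).
RULES = {
    "bcd_safeboot_set": re.compile(
        r"\bbcdedit(\.exe)?\b.*[/-]set\b.*\bsafeboot\b", re.I),
    "safeboot_registry_write": re.compile(
        r"\breg(\.exe)?\s+add\b.*\\Control\\SafeBoot\\(Minimal|Network)\\",
        re.I),
}
RESTART = re.compile(r"\bshutdown(\.exe)?\b.*[/-]r\b", re.I)


def detect(events):
    """Return alerts as (host, rule, severity) in event order.

    A Safe Mode configuration change is 'medium'; it becomes 'high' when
    the same host issues a restart after the change.
    """
    alerts = []
    pending = {}  # host -> indexes of alerts still waiting for a restart
    for host, cmdline in events:
        for name, pattern in RULES.items():
            if pattern.search(cmdline):
                pending.setdefault(host, []).append(len(alerts))
                alerts.append((host, name, "medium"))
        if RESTART.search(cmdline):
            for i in pending.pop(host, []):
                alerts[i] = (alerts[i][0], alerts[i][1], "high")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```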
Initial Access and Lateral Movement:
- Initial Access: The ransomware typically gains entry through stolen or weak credentials, exposed RDP/VPN services, or phishing emails.
- Lateral Movement: Once inside the network, Vect 2.0 uses SMB shares and WinRM to move laterally across systems.
Data Exfiltration and Encryption:
- **
Read the full article at Cyber Security News