(Image credit: Shutterstock) VECT, a ransomware-as-a-service (RaaS) that first started circulating online in December 2025, was discovered to host a major bug in its programming. According to Check Point Research (CPR) , the ransomware accidentally turned into a wiper after the program unintentionally discarded some nonces needed to decrypt files larger than 128KB. This means that even if a victim were to pay the attackers to unlock their data, no one can undo the damage because the code needed to break the encryption no longer exists. Numerous other problems plague the code, and CPR thinks the code was likely vibe coded using AI. The ransomware would automatically break apart any file greater than 128KB into four different chunks and then encrypt each one with a random 12-byte nonce written on a single shared output buffer. Unfortunately for the victim, the four nonces share the same buffer address, meaning each new nonce overwrites the older one.…