Vect and TeamPCP Partner for Ransomware Campaigns
Sophos, Thursday, July 2nd, 2026
Sophos warns that Vect and TeamPCP have combined credential theft and ransomware into an industrialized attack model.
Sophos researchers documented a formal alliance between Vect, a ransomware-as-a-service operation launched in late 2025, and TeamPCP, known for exploiting vulnerabilities and compromising open-source tools.
Announced in late March 2026, the collaboration weaponizes credentials harvested through major supply chain compromises of projects like Trivy and LiteLLM, involving roughly 500,000 credential sets. Sophos describes it as an unprecedented model of industrialized ransomware deployment that lets attackers rapidly encrypt hundreds of affected organizations.
The convergence of large-scale credential theft, a maturing RaaS operation, and underground mobilization significantly lowers the barrier to entry for ransomware attacks.