A new ransomware strain named Kyber has crossed a line no other has. It deploys post-quantum cryptography in live attacks. Security researchers at Rapid7 confirmed this week that the group’s Windows variant wraps its AES-256 file-encryption keys with ML-KEM1024, the strongest version of NIST’s freshly standardized key-encapsulation mechanism. Quantum computers? No threat here. But victims don’t know that. And that’s the point.
Kyber emerged last September. It hit a major U.S. defense contractor in March, encrypting Windows servers and VMware ESXi hosts simultaneously. The Windows payload, coded in Rust, generates a random AES key. Files get scrambled fast with that symmetric cipher. Then ML-KEM1024 hides the AES key from everyone but the attackers. Straightforward swap for older RSA or elliptic-curve methods. Libraries make it easy; developers just add a dependency and call a function.
The ESXi variant tells a different story. It claims post-quantum protection too. Reverse engineering shows RSA-4096 instead—strong against classical computers, but vulnerable to quantum Shor’s algorithm someday. ChaCha8 handles the bulk encryption there. Rapid7’s Anna Širokova called it a branding move. “Post-quantum encryption sounds a lot scarier than ‘we used AES,’ especially to non-technical decision-makers who might be evaluating whether to pay,” she said in an email to Ars Technica. Psychological trick. Perfect for pressuring payments within 72 hours.
Brett Callow at Emsisoft agrees. First confirmed PQC ransomware, he said. No practical edge today. Quantum machines capable of breaking legacy public-key crypto sit years away—three at minimum, probably more. AES-256 withstands quantum Grover’s algorithm with room to spare; AES-128 would do. Yet Kyber’s ransom note flaunts the tech. One week to contact them. Fear sells.
Attackers watch standards closely. NIST finalized ML-KEM last year, renaming Kyber to match. FIPS 203 spells it out. Criminals grabbed it first for extortion notes. Defenders lag. Enterprises hoard encrypted data adversaries “harvest now, decrypt later.” NIST’s Dustin Moody warns of that risk: intercepted secrets today, cracked tomorrow. But ransomware doesn’t care about decades. It demands bitcoin now.
Kyber deletes shadow copies. Wipes event logs. Targets backups. Deploys on mixed environments for total blackout—no failover possible. Bleeping Computer noted the Windows use of Kyber1024 alongside X25519 for hybrid protection. ESXi lies about PQC. Dual trouble, as Rapid7 puts it.
This forces a rethink. Traditional decryptors? Useless against PQC ransomware. Law enforcement keys off weak crypto sometimes. No more. Incident responders face hype plus reality. Boards hear “quantum-proof,” panic, approve payouts. Insurance hikes follow. Gartner sees cybersecurity spend hitting $240 billion this year, partly for crypto migration. But criminals test it in the wild already.
France pushes ahead. ANSSI mandates PQC transition by 2030, citing geopolitical heat, per GovInfoSecurity. Google accelerated its timeline to 2029 after quantum advances. Cloudflare adjusts too. Dell rolls quantum-safe firmware. Yet ransomware leads.
So what now? Inventory crypto inventory. Map dependencies. Prioritize long-lived data. Hybrid schemes blend old and new during switchover. Tools like Quantum Secure Encryption’s QPA v2 scan vulnerabilities, per a PR Newswire release. But speed matters less than starting. Kyber proves attackers adopt fast. Enterprises must match pace—or pay the price.


WebProNews is an iEntry Publication