Ransomware family first confirmed to use quantum-safe encryption
Original: In a first, a ransomware family is confirmed to be quantum-safe
Why This Matters
First instance of quantum-resistant cryptography adoption in cybercrime
Kyber ransomware uses ML-KEM-1024 post-quantum cryptography to encrypt the keys that protect victim data, marking the first confirmed case of ransomware implementing quantum-resistant algorithms. Security firm Rapid7 reverse-engineered the malware and found that the post-quantum encryption primarily serves as a marketing tactic.
Rapid7 researchers confirmed that Kyber ransomware, active since September, uses ML-KEM-1024 (Module-Lattice-Based Key-Encapsulation Mechanism) to protect AES-256 encryption keys. This represents the first verified use of post-quantum cryptography in ransomware. The lattice-based algorithm is designed to resist attacks by quantum computers that could break RSA and elliptic curve cryptography. However, researchers found no practical security benefit, since quantum computers capable of running Shor's algorithm are at least three years away. A VMware-targeting variant claims to use ML-KEM but actually employs 4096-bit RSA keys. Security analyst Anna Širokova suggests the implementation is primarily marketing-driven: the term 'post-quantum encryption' is meant to intimidate victims and exploits the fears of non-technical decision-makers, while requiring minimal development effort because libraries are readily available.