
Kyber ransomware adopts post-quantum cryptography

Rapid7 finds ML-KEM1024 used to wrap AES keys; "quantum-proof" branding targets executives, not incident responders

Photo of Dan Goodin, arstechnica.com

Kyber ransomware adopts post-quantum cryptography; ML-KEM branding enters the extortion playbook; the quantum threat is years away, but boardrooms pay for the fear now

Rapid7 says it has reverse-engineered a Windows variant of the Kyber ransomware and found it using ML‑KEM1024, the strongest parameter set of the post‑quantum key‑encapsulation standard selected by the US National Institute of Standards and Technology. The gang’s name itself mirrors the algorithm’s former name, Kyber, and the ransom note gives victims one week to respond, according to Ars Technica.

Technically, the change does not make the attack materially harder to defeat in the timeframe that matters. Ransomware operators still encrypt files with a fast symmetric key—typically AES‑256—and then encrypt that AES key so only the attacker can recover it. ML‑KEM is simply swapped in for RSA or elliptic‑curve cryptography in that “key wrapping” step. As Rapid7 researcher Anna Širokova told Ars Technica, libraries are readily available and the implementation cost is low: add a dependency, call a function, and the ransomware can claim “post‑quantum encryption” without redesigning the rest of the malware.

The interesting part is not cryptography but pricing. Ransomware is a business built around deadline pressure, asymmetric information, and internal corporate governance. The operator’s goal is not to protect ciphertext for a decade; it is to make a CFO sign off on a wire transfer before operations, customers, and regulators start counting downtime in hours. “AES‑256 with a wrapped key” is accurate but dull. “Post‑quantum encryption” is designed to sound like a new category of irreversibility to non‑technical decision‑makers, raising the perceived cost of refusing to pay.

That marketing pitch lands because most victims cannot audit the claim under stress. Even when security teams can, the decision often sits with executives and outside counsel whose incentives are different. Paying a ransom is frequently framed as the cheapest way to resume service and limit reputational damage, while the long‑term consequences—funding criminal infrastructure, attracting repeat attacks, and weakening deterrence—are spread across insurers, customers, and the wider ecosystem. The same logic has already produced a cottage industry of incident‑response retainers, negotiators, and cyber‑insurance clauses that turn extortion into a managed procurement problem.

Kyber’s use of ML‑KEM also highlights a second dynamic: attackers are watching standards bodies and product roadmaps as closely as defenders are. NIST’s post‑quantum work has been discussed for years, and “quantum‑proof” has become a buzzword in vendor sales. Ransomware crews are borrowing that language to increase leverage, even as practical quantum computers capable of breaking RSA and ECC via Shor’s algorithm remain, by most estimates, years away. Ars Technica notes that a separate Kyber variant targeting VMware claims to use ML‑KEM but appears to rely on RSA‑4096 instead—suggesting that, in some cases, the post‑quantum label is a brand asset more than a technical property.
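The two technical points above, that ML-KEM only replaces the key-wrapping step around an unchanged AES-256 bulk encryption, and that a "post-quantum" label can be checked against what the wrapper actually is, shown as an added Go example. This is not code from the article, from Rapid7 or from the ransomware; it is the generic hybrid construction (the same shape HPKE and TLS use) built from Go's standard library, and it assumes Go 1.24 or later for `crypto/mlkem`. The function names, the `WrappedKey` layout and the sample record are assumptions for illustration; the sizes in `ClassifyKEMBlob` come from FIPS 203 (an ML-KEM-1024 ciphertext is 1568 bytes) and from a 4096-bit RSA modulus (512 bytes).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/mlkem"
	"crypto/rand"
	"errors"
	"fmt"
)

// must panics on failures only a bug or a broken entropy source can cause.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// WrappedKey is the blob found beside the encrypted data (layout assumed here).
type WrappedKey struct {
	KEMCiphertext  []byte // ML-KEM-1024 ciphertext, always 1568 bytes
	WrappedFileKey []byte // nonce || AES-GCM(file key) || tag, under the KEM secret
}

// seal encrypts with AES-256-GCM and returns nonce||ciphertext||tag.
func seal(key, plaintext []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce)) // fresh nonce per call
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; it fails if the key is wrong or the tag does not verify.
func open(key, sealed []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// WrapFileKey is the key-wrapping step: encapsulate to the holder's ML-KEM-1024 key
// and seal the file key under the shared secret. RSA or ECDH here would not touch seal().
func WrapFileKey(ek *mlkem.EncapsulationKey1024, fileKey []byte) WrappedKey {
	shared, kemCt := ek.Encapsulate()
	return WrappedKey{KEMCiphertext: kemCt, WrappedFileKey: seal(shared, fileKey)}
}

// UnwrapFileKey recovers the file key; only the decapsulation-key holder can.
func UnwrapFileKey(dk *mlkem.DecapsulationKey1024, w WrappedKey) ([]byte, error) {
	shared, err := dk.Decapsulate(w.KEMCiphertext) // errors only on malformed input
	if err != nil {
		return nil, err
	}
	// A wrong dk yields a pseudorandom secret (implicit rejection); open()'s tag check rejects it.
	return open(shared, w.WrappedFileKey)
}

// ClassifyKEMBlob is the responder's size check: FIPS 203 fixes the ML-KEM-1024
// ciphertext at 1568 bytes, while an RSA-4096 ciphertext is 512 bytes.
func ClassifyKEMBlob(n int) string {
	switch n {
	case mlkem.CiphertextSize1024:
		return "ML-KEM-1024 ciphertext"
	case 512:
		return "RSA-4096 ciphertext"
	}
	return "unknown"
}

// Demo runs the scheme over one buffer: recovery with the right dk, KEM blob size, rejection of another dk.
func Demo(data []byte) (recovered []byte, kemCtLen int, wrongKeyRejected bool, err error) {
	dk := must(mlkem.GenerateKey1024())
	fileKey := make([]byte, 32)
	must(rand.Read(fileKey))
	sealedData := seal(fileKey, data)                // bulk data: AES-256-GCM
	w := WrapFileKey(dk.EncapsulationKey(), fileKey) // key wrapping: ML-KEM-1024
	key, err := UnwrapFileKey(dk, w)
	if err != nil {
		return nil, 0, false, err
	}
	if recovered, err = open(key, sealedData); err != nil {
		return nil, 0, false, err
	}
	_, wrongErr := UnwrapFileKey(must(mlkem.GenerateKey1024()), w)
	return recovered, len(w.KEMCiphertext), wrongErr != nil, nil
}

func main() {
	sample := []byte("constructed sample record: invoice 0001") // constructed input
	_, n, rejected, err := Demo(sample)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped-key blob: %d bytes (%s); unrelated key rejected: %v\n", n, ClassifyKEMBlob(n), rejected)
}
```

Run it with `go run`. Two things are worth noticing from a responder's seat. First, the only place the algorithm choice appears is `WrapFileKey`; the data encryption, the nonce handling and the unwrap path are identical whether the wrapper is ML-KEM, RSA or ECDH, which is the low implementation cost Rapid7 describes. Second, the KEM ciphertext has a fixed size, so the wrapped-key blob left next to the data is itself evidence: a note that advertises post-quantum wrapping while the blob is 512 bytes is an RSA-4096 wrapper, the discrepancy Ars Technica reports for the VMware variant. Neither observation changes the recovery picture: without the decapsulation key the file key is unreachable either way, so backups and the paying decision are unaffected by the label.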

Rapid7’s finding means a NIST‑standardised primitive has already crossed from compliance slide decks into criminal extortion notes. The ransomware still wants payment in days, and the “quantum” part mainly changes what the victim imagines when the clock starts ticking.