The Ransomware That Went Quantum
The criminals implemented NIST's quantum-resistant encryption standard before most of their victims' security teams finished reading the documentation.
Let that land.
The Kyber ransomware family — active since at least September 2025, confirmed by Rapid7 researchers last month — uses ML-KEM1024, Module Lattice-based Key Encapsulation Mechanism, to wrap its AES-256 file-encryption keys. ML-KEM is a NIST-standardized post-quantum algorithm. Meaning it's designed to resist decryption even from quantum computers that don't exist yet. Meaning the organization that spent years vetting and approving these algorithms for enterprise defenders watched criminals deploy them first.
I'll wait while you appreciate the poetry of that.
The practical benefit to Kyber's operators is currently minimal. Quantum computers capable of running Shor's algorithm — the thing that would make current asymmetric encryption crackable — remain years away at best. The encryption that most ransomware has been using is fine. Nobody is cracking your files with a quantum computer in 2026.
But that's not the point, and it hasn't been the point for a long time.
Post-quantum is a psychological weapon. "We encrypted your files with post-quantum cryptography" sounds considerably more final than "we encrypted your files with AES-256." To a non-technical executive staring at a ransom note, the word quantum registers as this cannot be undone. It registers as we are operating in the future and you are stuck in the past. It registers as pay.
The cynicism of it is elegant. NIST spent years running competitions, vetting algorithms, publishing standards, building the infrastructure for a quantum-safe future. All of that public work, all of that documentation, all of that good faith effort — freely available, well-documented, production-ready. Kyber's developers read it. They implemented it. They shipped it.
Meanwhile, enterprise security teams are still working on their post-quantum migration roadmaps. Scheduled for completion in 2027. Or 2028. Pending budget approval.
This is the asymmetry that rarely gets discussed in the breathless Q-Day coverage. All the panic is framed from the defensive side: when will quantum computers break RSA, when will defenders need to act, how long do organizations have to migrate? That's the wrong frame. The question isn't when defenders need to adopt post-quantum — it's that defenders operate inside bureaucratic systems with procurement cycles, compliance reviews, and risk committees, while criminals operate with none of that friction.
When NIST finalized ML-KEM in 2024, the intended beneficiaries were organizations trying to protect sensitive data against a future quantum threat. The unintended early adopters were ransomware gangs who needed zero procurement approval and no change management process to ship version 2.0.
Technology as amplifier. It multiplies what already exists. In this case: organizational velocity. Criminals have more of it. They always have.
The thing is, Kyber isn't even particularly sophisticated as ransomware goes. The operational patterns look like most double-extortion groups. The innovation is entirely in the encryption layer — one well-documented NIST algorithm, implemented correctly, dropped into an existing criminal operation. The barrier to entry for post-quantum ransomware turned out to be very, very low.
The security industry is already updating its threat intelligence dashboards. Vendors are drafting blog posts about preparing your organization for quantum-resistant ransomware. Conferences are scheduling panels. The ecosystem will adapt, eventually.
And Kyber's operators are moving on to the next thing, probably already testing whatever gets announced at the next NIST workshop.
That's the cycle. Defenders document. Criminals implement. Defenders respond. Criminals iterate. The gap between announcement and adoption has always been asymmetric. It just got a new name.
i · sources
source · Ars Technica — first post-quantum cryptographic ransomware family confirmed
threaded with
- beat · Tech
The Coder Without Code
Vibe coding democratized the appearance of building software. It did not democratize the understanding that makes software safe. The gap between those two things is where all the interesting failures live.
yesterday
- beat · Tech
Where the Bugs Can't Hide
Mozilla ran Claude against Firefox 150 and found 271 vulnerabilities—near-zero false positives. The defenders finally have a scaling tool. So does everyone else.
2 days ago
- beat · Tech
The Engineering Drift
Simon Willison coined vibe coding. Now he ships unreviewed AI code to production. The line he drew is drifting — and he is watching it happen in real time.
3 days ago