AI for Automation
2026-05-06 | Tags: ransomware, post-quantum cryptography, ML-KEM, cybersecurity, supply chain attack, quantum-safe encryption, NIST post-quantum, ransomware protection

Kyber Ransomware Uses ML-KEM Post-Quantum Encryption

Kyber is the first ransomware using ML-KEM post-quantum encryption — files locked today may never be recovered, even by law enforcement. 3 steps to act now.


Ransomware operators have started future-proofing their extortion tools — using encryption that even quantum computers cannot break. A malware family called Kyber has become the first confirmed ransomware to implement ML-KEM (Module Lattice-based Key Encapsulation Mechanism — a post-quantum encryption standard that NIST finalized in 2024 after a 7-year global standardization competition), according to Kaspersky researchers. Files encrypted by Kyber today could remain locked permanently — even after law enforcement seizes the decryption servers — once quantum computers mature in the next 10–15 years.

This is not a theoretical warning. Kyber ransomware is actively deployed and represents a deliberate engineering decision by a criminal group to plan for a threat horizon that most legitimate organizations have not yet put on their roadmaps.

Why quantum-safe ransomware changes the recovery math permanently

Traditional ransomware uses standard encryption, typically AES-256 for files and RSA-2048 for key exchange. Cryptographers broadly agree that quantum computers, once they reach sufficient scale, will break RSA-2048 in hours. That has actually been good news for ransomware victims: files locked behind RSA-wrapped keys might one day be recovered without paying, much as Europol freed thousands of Hive and LockBit victims by seizing the gangs' key infrastructure months after the initial attacks.

Kyber ransomware closes that recovery window permanently. ML-KEM is based on lattice cryptography, a mathematical structure that researchers have spent decades attempting to crack on both classical and quantum hardware, without success. The U.S. government published ML-KEM as FIPS 203 (the official post-quantum encryption standard issued by the National Institute of Standards and Technology) in August 2024, recommending it as the replacement for RSA in sensitive government systems. Criminal operators adopted it before most enterprise IT departments even knew the standard existed.

Here is what changes for ransomware victims once ML-KEM is in play:

  • No future free decryption: Law enforcement takedowns of Hive and LockBit freed victims months later by seizing server keys. Against ML-KEM-protected files, that rescue path does not exist — seized keys cannot be brute-forced even with future quantum hardware.
  • Exfiltrated data stays permanently locked to attackers: In "double extortion" attacks (where gangs steal data before encrypting it, then threaten to publish unless paid), post-quantum encryption makes stolen archives undecryptable by anyone except the attackers — on any future timeline.
  • Insurance and legal recovery paths narrow: Cyber insurance claims and legal recovery efforts that rely on eventual decryption of seized archives become structurally unviable once ML-KEM is the encryption layer.

[Image: NIST FIPS 203 ML-KEM post-quantum cryptography standard, finalized August 2024: the encryption standard now used by Kyber ransomware]

The 40-day supply-chain wave Kyber arrived inside

Kyber ransomware did not arrive in isolation. In April–May 2026, security researchers documented a dense cluster of interconnected supply-chain attacks — all targeting infrastructure that developers and security professionals trust by default.

Daemon Tools: a signed backdoor hiding in a disk utility

Starting April 8, 2026, attackers compromised the update pipeline of Daemon Tools (a disk image mounting application used by millions of Windows users since the late 1990s). Versions 12.5.0.2421 through 12.5.0.2434 shipped with a backdoor — signed with an official certificate, meaning Windows security warnings never triggered. The attack reached over 100 countries, but only approximately 12 machines received follow-on payloads, indicating deliberate selection of high-value targets in retail, government, scientific research, and manufacturing. Kaspersky confirmed the backdoor remained active as of their report date.

CVE-2026-31431: Linux's most severe unpatched flaw in years

Researchers from Theori privately disclosed CVE-2026-31431, nicknamed "CopyFail", five weeks before going public. The flaw is a local privilege escalation (a vulnerability that lets an attacker who already has limited access to a machine gain full administrative control), and it affects virtually every Linux release with a single, universally applicable exploit. Despite the five-week private disclosure window, few distributions had patched by the time the exploit went live. Confirmed attack vectors include container escape and CI/CD pipeline exploitation (CI/CD pipelines are the automated systems that build, test, and deploy software; compromising one can cascade through every project it touches).

Checkmarx compromised twice in 40 days

Security firm Checkmarx — whose core business is finding vulnerabilities in other companies' software — was hit by two separate supply-chain attacks within 40 days: first via a Trivy GitHub action compromise, then through its own GitHub account being taken over. Bitwarden, the open-source password manager with tens of millions of users, was targeted in the same attack wave. The pattern is not coincidence: hitting security firms means attacking the tool that watches over thousands of enterprise clients at once.

[Image: Supply-chain cyberattack timeline, April–May 2026: Daemon Tools signed backdoor, Checkmarx breach, Bitwarden targeting, and Kyber post-quantum ransomware deployment]

Why criminal groups are engineering for 2035 — and what that demands from you now

The common thread across Kyber ransomware, Daemon Tools, and the Checkmarx–Bitwarden wave is strategic investment in longevity. These operations share four deliberate characteristics:

  • Attackers used legitimate signing certificates to bypass endpoint security warnings entirely
  • They carefully selected approximately 12 high-value targets from thousands of compromised machines across 100+ countries
  • They implemented encryption standards designed to remain unbreakable for decades, not just years
  • They targeted security vendors directly — so clients of those vendors become collateral damage through trusted tooling

IBM, Google, and NIST researchers estimate that CRQCs (Cryptographically Relevant Quantum Computers — machines powerful enough to break RSA-2048 in a matter of hours rather than millennia) are approximately 10–15 years away. The most sophisticated ransomware groups have already run that calculation. April–May 2026 is a preview of what happens when criminal infrastructure reaches nation-state planning sophistication.

Three steps to defend against post-quantum ransomware before it's too late

Post-quantum threats are not a future problem to calendar for later. The groundwork being laid now determines which organizations have recovery options in 2035 and which are permanently locked out.

  1. Audit long-lived credentials immediately: Any encryption key, certificate, or API credential with a lifetime beyond 5 years is a quantum-era liability. Prioritize rotating SSH keys, TLS certificates, and code-signing certificates. The element-data Node.js package breach — which exfiltrated credentials from over 1 million monthly developer environments — shows how broadly credentials are already being harvested for future exploitation. Use our security automation setup guide to build a credential rotation workflow that catches exposures before adversaries act on them.
  2. Demand a post-quantum roadmap from your vendors: Ask your VPN provider, backup solution, password manager, and cloud storage vendor whether they support FIPS 203 (ML-KEM) or FIPS 204 (ML-DSA — the post-quantum digital signature standard for verifying software authenticity). NIST's post-quantum cryptography standards page is the authoritative reference for what to ask. Vendors without a published migration roadmap are a structural risk today — not in 2035.
  3. Treat past-breach stolen data as permanently compromised: If your organization experienced a breach in the past 3–5 years involving encryption keys, credentials, or sensitive databases, assume adversaries will eventually decrypt anything they exfiltrated. Plan your rotation, notification, and containment strategy based on that assumption, not on current cryptographic limitations.
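The credential audit in step 1 can be started with a simple inventory pass. The script below is an added example, not code from the article or from any vendor: it takes a constructed list of credentials, applies the article's 5-year lifetime threshold together with a check for algorithms a cryptographically relevant quantum computer is expected to break, and orders the result so code-signing certificates (the trust anchor abused in the Daemon Tools case) come first. Credential names, dates and the `Credential` class are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Public-key algorithms whose hardness (factoring, discrete log) a CRQC is expected to break.
# ML-KEM (FIPS 203) and ML-DSA (FIPS 204) are deliberately absent from this set.
QUANTUM_VULNERABLE = {"RSA-2048", "RSA-4096", "ECDSA-P256", "ECDSA-P384", "Ed25519", "X25519"}
MAX_LIFETIME_YEARS = 5  # the article's threshold for a "quantum-era liability"

@dataclass
class Credential:
    name: str
    kind: str        # "code-signing", "tls", "ssh" or "api"
    algorithm: str   # public-key algorithm, or "symmetric" for opaque tokens and keys
    issued: date
    expires: date    # for SSH keys and API tokens: the planned rotation date

def lifetime_years(cred: Credential) -> float:
    return (cred.expires - cred.issued).days / 365.25

def assess(cred: Credential) -> tuple[str, list[str]]:
    """Classify one credential as 'rotate now', 'plan rotation' or 'ok', with reasons."""
    reasons = []
    weak = cred.algorithm in QUANTUM_VULNERABLE
    long_lived = lifetime_years(cred) > MAX_LIFETIME_YEARS
    if weak:
        reasons.append(f"{cred.algorithm} is breakable by a CRQC")
    if long_lived:
        reasons.append(f"lifetime {lifetime_years(cred):.1f}y exceeds {MAX_LIFETIME_YEARS}y")
    if weak and long_lived:
        return "rotate now", reasons
    return ("plan rotation" if reasons else "ok"), reasons

def audit(inventory: list[Credential]) -> list[tuple[str, str, list[str]]]:
    """Return (name, verdict, reasons) most urgent first; within a verdict, code-signing
    certificates sort ahead because a compromised one lets backdoored builds pass checks."""
    rank = {"rotate now": 0, "plan rotation": 1, "ok": 2}
    kinds = ["code-signing", "tls", "ssh", "api"]
    rows = [(c.name, *assess(c), kinds.index(c.kind)) for c in inventory]
    rows.sort(key=lambda r: (rank[r[1]], r[3]))
    return [(name, verdict, reasons) for name, verdict, reasons, _ in rows]

# Constructed sample inventory (hypothetical names and dates, not real credentials).
SAMPLE = [
    Credential("web-tls", "tls", "ECDSA-P256", date(2026, 1, 1), date(2027, 1, 1)),
    Credential("build-signing", "code-signing", "RSA-2048", date(2021, 1, 1), date(2031, 1, 1)),
    Credential("bastion-ssh", "ssh", "Ed25519", date(2019, 6, 1), date(2026, 6, 1)),
    Credential("backup-api-token", "api", "symmetric", date(2018, 3, 1), date(2030, 3, 1)),
    Credential("pq-signing", "code-signing", "ML-DSA-65", date(2026, 3, 1), date(2028, 3, 1)),
]

if __name__ == "__main__":
    for name, verdict, reasons in audit(SAMPLE):
        print(f"{verdict:14} {name:18} {'; '.join(reasons)}")
```

Feeding the script a real inventory exported from your PKI, secrets manager or SSH CA gives a first-pass rotation queue; the lifetime rule also catches long-lived symmetric tokens that are not quantum-breakable but are still a harvest-now, decrypt-later liability.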

Kyber ransomware is the first confirmed criminal deployment of post-quantum encryption — but the historical adoption curve for security capabilities suggests it will be standard across major ransomware families within 2–3 years. The architecture you rely on today was designed for a threat landscape that is already being replaced. Start with a basic audit of your encryption posture — the steps are practical, the window to act before this becomes an emergency is still open, and waiting costs more than acting now.
