March 2026 was already a record month before you heard about Kyber or VECT. Rapid7 tracked over 900 ransomware incidents publicly reported in that single month — the highest single-month total on record. Inside that volume were two structural changes that will reshape how you think about ransomware for years.
Kyber ransomware became the first confirmed group to deploy a NIST-standardised post-quantum algorithm — ML-KEM/Kyber1024 — against live Windows targets. The forensic key-recovery workflows your incident response playbook relies on assume classical cryptography. Against ML-KEM-wrapped keys, they don’t work.
VECT 2.0, a Ransomware-as-a-Service tool with AI-generated code signatures throughout, contains a nonce-handling flaw that permanently destroys every file larger than 128 KB at encryption time. Check Point Research confirmed this across all platform variants. The ransom note appears, the encryption routine runs — and your most important files are gone regardless of whether you pay.
Alongside these two shifts, Beazley’s Q3 2025 data shows that 48% of ransomware initial access now comes through stolen VPN credentials. Attackers are logging in, not breaking in.
These three changes — post-quantum encryption, AI-coded unpredictability, and credential-based access — are happening simultaneously at record volume. Together, they require a rethink of the underlying architecture.
This page covers the full landscape. The articles below provide the depth on each area:
| Article | What it covers |
|---|---|
| Kyber: The First Quantum-Safe Ransomware | What Kyber’s two variants tell you about whether post-quantum ransomware is real or hype |
| VECT: AI-Coded Ransomware Becomes Wiper | How an AI-coded encryption bug turned VECT into a file destroyer and why paying the ransom cannot recover your data |
| The 900-Incident Month | The Q1 2026 volume data that makes both mutations strategically significant |
| Identity Over Malware: Credential-Based Initial Access Dominates | Why 48% VPN-credential initial access means detection-first architecture is structurally misaligned |
| Post-Quantum Encryption Incident Response Guide | What changes in your IR playbook when encryption is quantum-hardened or when the ransomware is actually a wiper |
| Ransomware and the Supply Chain: The TeamPCP Pattern | How TeamPCP used Trivy and GitHub Actions to distribute VECT to 1,000+ enterprise environments |
What are the biggest ransomware trends in 2026?
Three structural shifts define 2026 ransomware. First: post-quantum cryptography has moved from theoretical concern to deployed threat — Kyber ransomware used ML-KEM/Kyber1024 against live targets in Q1 2026. Second: AI-assisted malware development is producing unpredictable code, as VECT’s nonce-handling flaw demonstrates. Third: 48% of ransomware initial access now uses stolen VPN credentials — attackers are bypassing your perimeter by logging in, not breaking in.
The 900-incident March 2026 record is the volume backdrop. Frequency and structural mutation are occurring simultaneously, not sequentially. That distinction matters for how you prioritise your response.
Kaspersky’s State of Ransomware 2026 report also documents the rise of encryptionless extortion — campaigns that skip encryption entirely, relying solely on the threat of publishing stolen data. Chainalysis reported a 28% ransom payment rate for 2025, down year-over-year; the declining payment rate is partly driving some groups away from encryption altogether. Your IR plan needs to address three scenarios now: recoverable encryption, wiper behaviour (accidental or intentional), and pure data exfiltration without any encryption.
For volume context, see The 900-Incident Month. For PQC detail, see Kyber: The First Quantum-Safe Ransomware. For the AI-coded malware detail, see VECT: AI-Coded Ransomware Becomes Wiper.
Why did March 2026 set a ransomware incident record?
Rapid7 tracked over 900 publicly reported ransomware incidents in March 2026 — the highest single-month total on record. The spike reflects a record number of active RaaS affiliate programmes, open-affiliate models like VECT’s BreachForums network, and sustained broad-sector targeting across healthcare, government, and technology. SMB organisations accounted for roughly two-thirds of confirmed victims. Record volume coincided with, and partly enabled, the deployment of Kyber and VECT.
BlackFog’s Q1 2026 report identified 79 ransomware groups claiming victims, with 38% of publicly disclosed incidents attributable to no known group. Healthcare was the most targeted sector at 27%, followed by government and technology.
The volume record matters because it sets the baseline against which Kyber and VECT should be assessed — they’re innovations deployed at scale in a commodity threat environment already running at record pace.
Full analysis of the Q1 2026 numbers: The 900-Incident Month.
What is post-quantum cryptography and why does it matter for ransomware in 2026?
Post-quantum cryptography (PQC) refers to algorithms designed to resist attack from quantum computers — specifically algorithms that remain secure against Shor’s Algorithm, which could theoretically break RSA and elliptic-curve encryption. NIST standardised ML-KEM (Kyber1024, FIPS 203) in 2024. In Q1 2026, the Kyber ransomware group deployed ML-KEM against live Windows targets — the first confirmed use of a NIST-standardised post-quantum algorithm in ransomware. For defenders, this matters because current key-recovery forensic workflows assume classical cryptography.
💡 Shor’s Algorithm is a quantum computing method that can factor large numbers exponentially faster than classical computers, which is why RSA and elliptic-curve cryptography — both reliant on the difficulty of factoring — are considered vulnerable to future quantum attacks.
The Harvest Now/Decrypt Later (HNDL) threat is why PQC ransomware matters before quantum computers exist. Encrypted data captured today can potentially be decrypted retroactively once quantum hardware matures. Kyber1024 eliminates that future risk for attackers — the wrapped key stays protected even if the encrypted payload is acquired now.
The catch: the same group’s ESXi variant claims Kyber1024 in its ransom note but actually uses ChaCha8 with RSA-4096, with no genuine PQC present. Rapid7 confirmed the Windows variant is authentic. Decryption key recovery workflows that rely on RSA key reconstruction fail against ML-KEM-wrapped keys — law enforcement tooling and No More Ransom project decryptors are not PQC-capable. For the Kyber Windows variant, the only recovery paths are backup restoration or negotiation.
Technical deep-dive: Kyber: The First Quantum-Safe Ransomware. IR implications: Post-Quantum Encryption Incident Response Guide.
What does “AI-coded ransomware” actually mean and why is it dangerous?
AI-coded ransomware refers to malware where significant portions of the code were generated or assisted by large language models. VECT 2.0 exhibits multiple signatures consistent with AI-generated code, including a ChaCha20-IETF nonce-handling flaw that permanently destroys files larger than 128 KB. The danger is unpredictability — AI-assisted development can produce a payload that distributes at scale while carrying critical implementation failures that even the attacker cannot anticipate.
Check Point Research’s analysis of VECT found multiple non-functional features across all variants: the group “knows what features a professional ransomware tool should have, but demonstrably struggled to implement them correctly or at all.”
VECT’s BreachForums open-affiliate model gives a technically immature tool broad reach. Affiliates deploying VECT don’t know it’s a wiper — the tool drops a ransom note, changes the desktop wallpaper, and completes without error messages. A code quality failure in the payload propagates to every deployment before anyone notices.
Full case study: VECT: AI-Coded Ransomware Becomes Wiper. Supply chain amplification: Ransomware and the Supply Chain: The TeamPCP Pattern.
Why can’t victims recover files even after paying ransom in some 2026 attacks?
VECT 2.0’s nonce-handling flaw means the encryption keys needed to recover files larger than 128 KB are permanently lost at encryption time — not stored by the attacker. Even if VECT operators wanted to provide a working decryptor, they cannot. For practically all enterprise files — VM disk images, databases, Office documents — VECT functions as a data wiper regardless of payment.
The 128 KB threshold is not a design choice — it’s an implementation accident. Files below 131,072 bytes use one encryption pass and are technically recoverable. Files above that threshold are permanently irrecoverable. As Check Point Research stated directly: “Victims who pay the ransom cannot receive a working decryptor for their most critical files — not because the operator is uncooperative, but because the nonces required for decryption no longer exist.” Paying provides no recovery value.
A further complication: even where VECT’s encryption destroys files, the data exfiltration component may still function correctly. You may face a double-extortion threat from an attacker whose ransomware doesn’t work — assess the exfiltration exposure separately from the encryption recovery question.
VECT presents as normal ransomware until forensic analysis. Forensic confirmation that large files contain irrecoverable data is now a required step in any incident involving unknown ransomware variants.
Technical analysis: VECT: AI-Coded Ransomware Becomes Wiper. IR decision framework: Post-Quantum Encryption Incident Response Guide.
How do ransomware groups use stolen VPN credentials to get in?
Attackers obtain valid VPN credentials via infostealers — malware that harvests saved credentials from infected endpoints — or by purchasing them from initial access brokers on forums like BreachForums. They authenticate directly to your VPN portal, bypassing perimeter defences entirely. No vulnerability, no exploit — just a valid username and password. Beazley’s Q3 2025 data shows this now accounts for 48% of ransomware initial access.
The Q1 2026 example: Akira used automated credential stuffing against SonicWall SSLVPN portals with no account lockout policies and no MFA — Beazley confirmed weak access controls were the key enabler. The Change Healthcare breach is the canonical case study at scale: compromised Citrix credentials, no MFA, 100 million-plus records exposed, $22 million paid.
Perimeter firewalls and IDS/IPS systems scan for malicious payloads — they don’t detect a valid credential. Stopping this attack category requires identity controls, not network controls.
Identity-first defence architecture: Identity Over Malware: Credential-Based Initial Access Dominates. IR when prevention fails: Post-Quantum Encryption Incident Response Guide.
What is a supply chain ransomware attack?
A supply chain ransomware attack injects malicious code or credentials into widely-used software packages, build pipelines, or tooling — so that legitimate users deploying those tools become victims without any direct intrusion attempt against their own systems. TeamPCP’s March 2026 compromise of the Trivy vulnerability scanner (CVE-2026-33634) is the 2026 case study: attackers injected credential-stealing malware into Trivy’s official release and its GitHub Actions, then partnered with VECT to convert harvested access into ransomware deployments across 1,000+ enterprise environments.
On March 19, 2026, Wiz Research identified that 75 of 76 trivy-action tags had been force-pushed to malicious versions — teams pinning to version tags were affected; teams using SHA commit pinning were protected.
What makes supply chain delivery distinct: the attack exploits trust relationships rather than vulnerabilities. TeamPCP compromised the publication mechanism for Trivy, not the software design. CI/CD pipeline credentials — AWS, GCP, Azure tokens, Kubernetes credentials, SSH keys, GitHub PATs — were exfiltrated. Shortly after, VECT announced a partnership with TeamPCP on BreachForums to exploit companies affected by the supply chain attacks.
The hardening control: pin GitHub Actions to full SHA hashes, not version tags. Version tags can be moved to malicious commits; SHA pinning locks the workflow to a specific commit that cannot be silently replaced.
Full incident analysis: Ransomware and the Supply Chain: The TeamPCP Pattern. What VECT did with the access: VECT: AI-Coded Ransomware Becomes Wiper.
How does identity-first defence reduce ransomware risk?
Identity-first defence prioritises credential protection, MFA enforcement, and access control over malware detection as the primary ransomware prevention layer. Since 48% of ransomware initial access now uses compromised VPN credentials, a defence architecture that begins with detecting malicious code after entry is misaligned with how most attacks actually start. Enforcing phishing-resistant MFA on all remote access, deploying ZTNA to replace VPN, and monitoring for credential abuse stops the dominant attack vector before any payload is executed.
💡 ZTNA (Zero Trust Network Access) is a security model where every access request is verified for identity and device context before granting access to a specific application, replacing the traditional VPN model where authentication gives broad network access.
Identity-first architecture produces different design choices from perimeter-first defence — they are not additive.
MFA on VPN is the highest-leverage single control. Corvus/Travelers recommend phishing-resistant MFA — hardware FIDO2/WebAuthn tokens — over standard TOTP, which remains vulnerable to real-time phishing and SIM-swapping. The infostealer ecosystem has also adapted to bypass MFA via stolen session cookies — Cyfirma documented this as a live attack pathway. ZTNA addresses the residual: even with valid credentials, an attacker cannot move laterally without separate, identity-verified authorisation per application.
Talos Q1 2026 IR data found MFA weaknesses in 35% of IR engagements. That number is high enough to treat “audit your MFA coverage” as a near-term action item, not a future roadmap item.
Full architecture analysis: Identity Over Malware: Credential-Based Initial Access Dominates. When identity controls fail: Post-Quantum Encryption Incident Response Guide.
How does post-quantum ransomware change incident response?
Post-quantum ransomware changes IR in two ways. First, forensic key-recovery workflows that rely on extracting or reconstructing RSA private keys do not work against ML-KEM/Kyber1024-wrapped keys — your IR playbook’s decryption feasibility assessment needs a new first step. Second, AI-coded ransomware like VECT introduces a new IR scenario: wiper-masquerading-as-ransomware, where payment is provably futile. Both scenarios converge on the same defensive requirement: validated, immutable, offline backups are the only guaranteed recovery path.
Both Kyber and VECT execute VSS shadow copy deletion — offline, air-gapped backups are the only copies they cannot reach. The CCCS Ransomware Playbook articulates the 3-2-1-1-0 backup rule: three copies, two media types, one offsite, one offline/air-gapped, zero errors verified by restore testing.
Build two steps into your playbook now. First: is genuine PQC encryption present? Second: is this an AI-coded payload where encryption correctness cannot be assumed?
Full IR playbook update: Post-Quantum Encryption Incident Response Guide. Kyber encryption detail: Kyber: The First Quantum-Safe Ransomware. VECT wiper detail: VECT: AI-Coded Ransomware Becomes Wiper.
What is the difference between ransomware and a data wiper?
Ransomware encrypts files and holds the decryption key for ransom — recovery is theoretically possible by paying or by key recovery. A wiper permanently destroys data, with no recovery option regardless of payment. VECT 2.0 was designed as ransomware but functions as a wiper for all files larger than 128 KB due to its nonce-handling flaw. The distinction matters operationally: wiper behaviour triggers a completely different IR and negotiation decision.
From an attacker’s perspective, ransomware is the monetisation model — a wiper is used for sabotage or to cover tracks. VECT’s wiper behaviour is accidental, not intentional — but the operational impact is identical to a deliberate destructive attack.
The double-extortion layer adds complexity: even where VECT’s encryption destroys files, the exfiltration component may still function correctly, making data-exposure threats possible even though the attacker cannot provide a working decryptor.
Kaspersky’s State of Ransomware 2026 documents a growing number of campaigns skipping encryption entirely (encryptionless extortion). Your IR plan needs to address three scenarios: recoverable encryption, wiper behaviour, and pure data exfiltration. These require different responses, different legal considerations, and different communication strategies.
VECT technical analysis: VECT: AI-Coded Ransomware Becomes Wiper. IR planning for wiper scenarios: Post-Quantum Encryption Incident Response Guide.
Paying ransom vs. restoring from backup in 2026: what do the statistics say?
The statistics consistently favour backup restoration over ransom payment — and the 2026 mutations make the case stronger. Chainalysis data shows a 28% ransom payment rate for 2025, down year-over-year. For VECT victims, paying provides zero recovery value for files above 128 KB. For Kyber PQC victims, payment buys a decryptor, but the ML-KEM wrapping removes the forensic key-recovery option that sometimes made non-payment viable without good backups.
BlackFog’s Q1 2026 data shows average ransom demands exceeding $1 million, with victims given an average of 7.7 days to pay. The pressure during that window — board-level anxiety, operational disruption, uncertainty about backup integrity — is a known variable that should be addressed in IR planning, not during an incident.
The real variable isn’t “should we pay?” — it’s “do we know whether our backups are intact and tested?” Offline, air-gapped backups with tested restore procedures eliminate the trade-off that makes payment attractive. If your only verified clean backup is a snapshot on the same network, you may have no viable non-payment recovery option.
Answering “are our backups tested and working?” before an incident is the most useful thing you can do with the information in this article.
IR decision framework (including when not to pay): Post-Quantum Encryption Incident Response Guide. Volume context and payment statistics: The 900-Incident Month.
Resource Hub: Ransomware Mutation 2026 — Article Library
Understanding the Mutations: Quantum and AI in Practice
Kyber: The First Quantum-Safe Ransomware — Technical breakdown of the Kyber group’s two variants, resolving whether post-quantum ransomware is real or hype with source analysis from Rapid7’s April 2026 forensic engagement.
VECT: AI-Coded Ransomware Becomes Wiper — Case study on VECT 2.0’s nonce-handling flaw: how it permanently destroys files above 128 KB and why paying the ransom is provably futile.
The 900-Incident Month — Data analysis of March 2026’s record-breaking ransomware volume, covering SMB targeting patterns, sector concentration, and the payment economics that make both mutations strategically significant.
The Entry Points: How Attackers Get In
Identity Over Malware: Credential-Based Initial Access Dominates — Analysis of Beazley and Corvus/Travelers data on credential-based initial access, and the MFA and ZTNA controls that address it.
Ransomware and the Supply Chain: The TeamPCP Pattern — How TeamPCP compromised Trivy and GitHub Actions to deliver VECT to 1,000+ enterprise environments, and what CI/CD pipeline hardening looks like in practice.
Responding: What Changes in Your Playbook
Post-Quantum Encryption Incident Response Guide — Practical IR guidance covering both 2026 scenarios: genuine PQC ransomware (no classical key recovery) and wiper-masquerading-as-ransomware (payment futile). Covers the decryption feasibility assessment, negotiation decision framework, and backup architecture requirements.
FAQ Section
Is quantum ransomware real, or is the “quantum” label just marketing?
It depends on the variant. The Kyber Windows variant implements genuine ML-KEM/Kyber1024 (FIPS 203) — confirmed by Rapid7’s April 2026 forensic analysis. The same group’s ESXi variant claims PQC but uses classical ChaCha8 + RSA-4096. The Windows variant is authentic; the ESXi variant is not. See: Kyber: The First Quantum-Safe Ransomware
Why would ransomware groups use post-quantum encryption if quantum computers aren’t ready yet?
Two reasons: Harvest Now/Decrypt Later (encrypted data captured today can be decrypted retroactively once quantum computers mature — Kyber1024 eliminates that risk), and psychological pressure (victims who understand classical forensic key recovery is no longer possible may pay more quickly). Both motivations operate independently of whether quantum computers currently exist.
Can I still recover files if my organisation is hit by VECT ransomware?
Files below 128 KB may be recoverable; everything above is not — VECT’s nonce flaw permanently destroys the decryption keys for large files at encryption time. Do not pay the ransom; recovery depends entirely on backup integrity. See: VECT: AI-Coded Ransomware Becomes Wiper
What should I check right now if my team used Trivy in early 2026?
Check whether your CI/CD pipelines used Trivy v0.69.4 or any trivy-action or setup-trivy GitHub Action pinned to a mutable version tag during the affected period (around March 19, 2026). If so, treat all credentials stored in the affected environment as potentially compromised: rotate VPN credentials, service account tokens, and GitHub PATs immediately. Also check whether kics-github-action was in use — TeamPCP compromised that workflow in parallel. Going forward: pin GitHub Actions to full SHA hashes, not version tags. See: Ransomware and the Supply Chain: The TeamPCP Pattern
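The pinning check described here and in the supply chain section above, as an added example (not the TeamPCP/Trivy write-up’s tooling or any project’s code): a small auditor that classifies every `uses:` reference in a workflow as SHA-pinned or mutable, flags the actions the page names (trivy-action, setup-trivy, kics-github-action), and lists the secrets a flagged workflow could have exposed. The owner prefixes are assumed upstream names; the sample workflow, its tags and its SHA are constructed.

```python
"""Audit GitHub Actions workflow text for mutable action pins.

Added example, not part of the TeamPCP/Trivy write-up. Finds `uses:` refs,
classifies each as SHA-pinned (40 hex chars, immutable) or tag/branch-pinned
(mutable, can be force-pushed), flags the actions named on the page, and
lists the secrets a flagged workflow references. Sample data is constructed.
"""
import re

USES_RE = re.compile(r"^[ \t]*-?[ \t]*uses:[ \t]*['\"]?([^@\s'\"]+)@([^\s'\"#]+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Actions the page names as compromised in the March 2026 incident.
WATCHLIST = ("trivy-action", "setup-trivy", "kics-github-action")

def audit_workflow(text):
    """Return [(action, ref, status)] for every uses: line; status is
    'sha', 'mutable', or 'mutable-watchlist' (mutable ref on a listed action)."""
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(2)
        if action.startswith(("./", "docker://")):
            continue  # local composite actions and images are out of scope here
        if SHA_RE.match(ref):
            status = "sha"
        elif any(action.endswith("/" + w) for w in WATCHLIST):
            status = "mutable-watchlist"
        else:
            status = "mutable"
        findings.append((action, ref, status))
    return findings

def credentials_at_risk(text, findings):
    """Secrets referenced by a workflow that ran a watchlisted action from a
    mutable ref: the credentials to rotate first (cloud tokens, PATs, etc.)."""
    if not any(s == "mutable-watchlist" for _, _, s in findings):
        return []
    return sorted(set(re.findall(r"secrets\.([A-Za-z0-9_]+)", text)))

def suggested_pin(action, ref, sha):
    """Rewrite a mutable ref as a full-SHA pin, keeping the tag as a comment
    so update tooling can still see which release the SHA corresponds to."""
    return f"uses: {action}@{sha} # {ref}"

# Constructed sample: not a real repository's workflow. The SHA and tags are
# placeholders chosen to exercise each branch of the audit.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: aquasecurity/setup-trivy@v0.2.0
      - name: Trivy scan
        uses: aquasecurity/trivy-action@0.28.0
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - uses: checkmarx/kics-github-action@master
      - uses: "actions/upload-artifact@v4"
        with:
          token: ${{ secrets.GH_PAT }}
"""

if __name__ == "__main__":
    found = audit_workflow(SAMPLE_WORKFLOW)
    for action, ref, status in found:
        print(f"{status:18} {action}@{ref}")
    print("rotate first:", credentials_at_risk(SAMPLE_WORKFLOW, found))
```

Run it over every file under `.github/workflows/` in each repository; any `mutable-watchlist` finding in a workflow that ran during the affected window is a rotate-now result, and the `suggested_pin` output is the line to commit in its place.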
Is MFA on VPN enough to stop credential-based ransomware access?
MFA on VPN is the single highest-leverage control. Phishing-resistant MFA (hardware FIDO2/WebAuthn tokens) is the recommended upgrade over standard TOTP, which remains vulnerable to phishing and SIM-swapping. Infostealers also harvest session cookies to bypass MFA — ZTNA or network segmentation is required to limit lateral movement after entry. See: Identity Over Malware: Credential-Based Initial Access Dominates
What changes in your incident response plan for 2026 ransomware?
Add a decryption feasibility step to every ransomware IR: determine whether PQC encryption is present and whether the payload exhibits wiper behaviour. Validate your backup chain — immutable offline backups are now the only guaranteed recovery path in either scenario. See: Post-Quantum Encryption Incident Response Guide
What is the difference between AI-coded ransomware and normal ransomware from a defender’s perspective?
Traditional ransomware behaves according to its design. AI-assisted malware may contain implementation bugs — like VECT’s nonce flaw — that produce outcomes neither the attacker nor defender expects. Check Point Research found multiple non-functional features across all VECT variants. Your IR plan must include a step confirming whether encryption was actually performed correctly — a ransom note does not mean recoverable encryption.
Ransomware in 2026 isn’t one problem — it’s three concurrent changes happening in the same threat environment at record volume. PQC removes a forensic recovery option. AI-coded malware removes payment as a recovery option. Credential-based access removes the assumption that perimeter defence is the primary protection layer.
Your action items from this are fairly concrete: audit your MFA coverage on all remote access, verify your backup chain includes offline/air-gapped copies with tested restore procedures, update your IR playbook to include a decryption feasibility step, and if your CI/CD pipelines used Trivy in early 2026, rotate credentials from those environments now.
The cluster articles linked throughout this page go deeper on each specific area. The Post-Quantum Encryption Incident Response Guide is the most immediately actionable if you’re updating your IR playbook. Identity Over Malware is the place to start if you’re reviewing your access control architecture.