May 14, 2026

Kyber: The First Quantum-Safe Ransomware

AUTHOR

James A. Wondrasek

In April 2026, Rapid7 published an incident response report confirming that a ransomware group called Kyber had deployed ML-KEM (Kyber1024) — a NIST-standardised post-quantum algorithm — in a real-world attack. It was the first confirmed case. Almost immediately, Ars Technica pushed back and called the “quantum-safe” label “all about marketing.”

Here is the thing: they are both right.

The Kyber operation runs two separate variants with fundamentally different encryption under the hood. Whether you are dealing with a genuine post-quantum threat or classical encryption dressed up in PQC clothing depends entirely on which variant hit you. This article gives you the definitive answer, explains what genuine post-quantum encryption means for your recovery options, and shows you how to tell the difference. Spoiler: you cannot tell from the ransom note; you need binary analysis. This guide is part of our comprehensive coverage of ransomware’s quantum-AI mutation, where we explore how 2026’s threat landscape is shifting across two simultaneous axes.


What Made Kyber Ransomware Different from Everything Before It?

Kyber is a cross-platform ransomware operation. Rapid7 first encountered it in March 2026 during an incident at a multi-billion-dollar American defence contractor. WatchGuard’s ransomware tracker puts its first known activity back in September 2025.

What sets this group apart is the Windows variant. Rapid7’s reverse engineering confirmed it uses ML-KEM1024 — the highest strength tier of the post-quantum standard — as part of a genuine hybrid encryption scheme. Brett Callow at FTI Consulting called it the first confirmed case of ransomware deploying production PQC in a real attack. “First confirmed” matters here because ransomware groups have claimed quantum-safe encryption before. Kyber is the first time reverse engineering actually proved the claim true — but only for the Windows variant.

One naming issue worth sorting out early: CRYSTALS-Kyber is the academic name for the algorithm NIST standardised as ML-KEM (FIPS 203) in 2024. The ransomware group named itself after the algorithm to conflate its brand with cryptographic legitimacy. When you see “Kyber” in a ransom note, you are reading a marketing decision.

Kyber surfaced during the record 900-incident month of March 2026, which puts the discovery in context.


The Two Variants: Why the Windows and ESXi Attacks Are Not the Same Threat

Kyber deploys two separate binaries. They share Tor-based ransom infrastructure and identical ransom notes. The cryptography is not the same.

The Windows variant is Rust-compiled. It runs a genuine hybrid scheme: ML-KEM1024 for key encapsulation, X25519 for classical key exchange, and AES-256-CTR for file encryption. Rapid7 confirmed all three components present and functional.

The ESXi variant is C++/GCC-compiled. Despite the ransom note claiming AES + X25519 + Kyber for all victims, Rapid7 found no post-quantum implementation in the ESXi binary. It uses ChaCha8 for file encryption and RSA-4096 for key wrapping — classical algorithms, no ML-KEM.

The ESXi variant targets VMware VMFS datastores with a partial encryption strategy: files under 1 MB are fully encrypted (appended with .xhsyw); files between 1 MB and 4 MB get only the first megabyte encrypted; larger files are intermittently encrypted by operator configuration. It uses esxcli to terminate all running virtual machines first, then defaces the ESXi MOTD and web management interface with ransom notes.
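The size tiers above determine how much plaintext physically survives on a VMFS datastore, which is the first thing an ESXi responder wants to know. The following is an added triage helper, not Rapid7's tooling or the group's code; it assumes the report's "1 MB" boundaries are MiB, treats the 4 MiB boundary as inclusive, and maps the operator-configured intermittent tier by sampling chunk entropy rather than trusting the note.

```python
import math
import random
from collections import Counter

MIB = 1024 * 1024   # assumption: the report's "1 MB" tier boundaries are taken as MiB
EXT = ".xhsyw"      # extension the ESXi variant appends (from the article)

def expected_encrypted_range(size):
    """Byte range the ESXi variant encrypts for a file of `size` bytes, per the
    tiers above. None = intermittent, operator-configured tier (unknown from size)."""
    if size < MIB:
        return (0, size)
    if size <= 4 * MIB:          # assumption: the 4 MiB boundary is inclusive
        return (0, MIB)
    return None

def shannon_entropy(chunk):
    n = len(chunk)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def high_entropy_chunks(data, chunk_size=MIB, threshold=7.5):
    """Chunk indexes that look like ciphertext. Caveat: already-compressed or
    encrypted guest data inside a VMDK also scores high, so this is an estimate."""
    return [i // chunk_size for i in range(0, len(data), chunk_size)
            if shannon_entropy(data[i:i + chunk_size]) >= threshold]

def triage(name, size, data=None, chunk_size=MIB):
    """Estimate how many plaintext bytes survive on disk for one file. Surviving
    bytes are carve-able, not mountable: a VMDK minus its first MiB still needs
    reconstruction before any VM can boot from it."""
    if not name.endswith(EXT):
        return {"file": name, "encrypted": False, "tier": None, "recoverable": size}
    rng = expected_encrypted_range(size)
    if rng is not None:
        enc = rng[1] - rng[0]
        tier = "full" if enc == size else "first_mib"
    elif data is not None:
        enc = sum(min(chunk_size, len(data) - i * chunk_size)
                  for i in high_entropy_chunks(data, chunk_size))
        tier = "intermittent_sampled"
    else:
        return {"file": name, "encrypted": True, "tier": "intermittent_unknown", "recoverable": None}
    return {"file": name, "encrypted": True, "tier": tier, "recoverable": size - enc}

def constructed_intermittent_file(seed=1):
    """Constructed 5 MiB sample: chunks 0 and 2 random (ciphertext-like), the rest zero."""
    rng = random.Random(seed)
    return b"".join(rng.randbytes(MIB) if i in (0, 2) else bytes(MIB) for i in range(5))
```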

The Windows variant runs 11 documented anti-recovery commands: deleting Volume Shadow Copies via WMI and vssadmin; disabling boot repair; stopping backup services including Veeam, SQL Server, and IIS; clearing Windows Event Logs; wiping the Recycle Bin. It also includes experimental Hyper-V targeting.
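Any one of those commands is noisy on its own (administrators run vssadmin too); the sequence is what marks a ransomware pre-encryption phase. The correlation below is an added example of that detection logic, written here and not taken from Rapid7 or any vendor ruleset; the command lines and host names in the sample events are constructed, and the service names are assumed to be the usual Windows service names for SQL Server and IIS.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One pattern per anti-recovery behaviour the article attributes to the Windows variant.
RULES = [
    ("shadow_copies_deleted",  r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    ("shadow_copies_deleted",  r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b"),
    ("boot_repair_disabled",   r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b"),
    ("backup_service_stopped", r'\bnet1?(\.exe)?\s+stop\s+"?(veeam|mssql|w3svc)'),
    ("event_logs_cleared",     r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b"),
]
COMPILED = [(cat, re.compile(pat, re.I)) for cat, pat in RULES]

def match_event(cmdline):
    """Anti-recovery categories a single process command line triggers."""
    return sorted({cat for cat, rx in COMPILED if rx.search(cmdline)})

def correlate(events, window=timedelta(minutes=5), min_categories=3):
    """events: (iso_timestamp, host, cmdline). Raise one alert per host when at
    least `min_categories` distinct behaviours occur inside `window`."""
    per_host = defaultdict(list)
    for ts, host, cmd in events:
        cats = match_event(cmd)
        if cats:
            per_host[host].append((datetime.fromisoformat(ts), cats))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort(key=lambda h: h[0])
        for i, (t0, _) in enumerate(hits):
            seen = set()
            for t, cats in hits[i:]:
                if t - t0 > window:
                    break
                seen.update(cats)
            if len(seen) >= min_categories:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed sample events (Sysmon process-creation style), not real telemetry.
SAMPLE_EVENTS = [
    ("2026-03-14T02:11:03", "FS01", "vssadmin delete shadows /all /quiet"),
    ("2026-03-14T02:11:05", "FS01", "wmic shadowcopy delete"),
    ("2026-03-14T02:11:09", "FS01", "bcdedit /set {default} recoveryenabled no"),
    ("2026-03-14T02:11:14", "FS01", "net stop MSSQLSERVER /y"),
    ("2026-03-14T02:12:30", "FS01", "wevtutil cl Security"),
    ("2026-03-14T09:30:00", "ADMIN7", "vssadmin delete shadows /for=D: /oldest"),  # routine admin use
    ("2026-03-14T09:31:00", "ADMIN7", "net stop W3SVC"),
]
```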

The bottom line: the encryption stack determines your recovery options. ESXi victims work from classical IR assumptions. Windows victims face something different.


How ML-KEM Actually Works — and Why It Matters for Victims

ML-KEM (Module Lattice-based Key Encapsulation Mechanism, standardised as FIPS 203 by NIST in 2024) is not a file encryption algorithm. It is a key encapsulation mechanism — its job is to securely transmit a symmetric key from victim to attacker.

Think of it as a mathematical lockbox. The attacker’s public key creates the lockbox; a shared AES session key is generated inside it; only the attacker’s private key opens it. An eavesdropper — even one running a quantum computer — cannot solve the underlying lattice mathematics to recover that key.

Here is how the layers fit together. AES-256-CTR encrypts the actual files and is already quantum-resistant at 256 bits (Grover’s algorithm only halves effective key length, leaving 128 effective bits — still secure). ML-KEM1024 wraps the AES key. X25519 adds a classical layer on top: if either algorithm is broken, the other still protects the key material.

ML-KEM1024’s security is based on the Module Learning With Errors (MLWE) problem — no known classical or quantum algorithm provides an efficient solution. Shor’s algorithm, which breaks RSA and ECC, does not apply to lattice mathematics. FIPS 203 is a published, vetted standard deployed maliciously here — not a custom algorithm the ransomware group invented.

For updating your IR playbook for PQC ransomware, the algorithm distinction is where you need to start.


The False Claim: Why the ESXi Variant Is Not Post-Quantum Hardened

The Windows variant uses all of this correctly. The ESXi variant does not.

Rapid7 found no ML-KEM code in the ESXi binary despite identical ransom note text. It uses ChaCha8 for file encryption and RSA-4096 for key wrapping. ChaCha8 is a fast symmetric stream cipher. RSA-4096 is theoretically vulnerable to Shor’s algorithm on a capable quantum computer — a threat realistically three to ten years away from practical capability.

The practical problem here is IR mis-triage. A responder who accepts the ransom note’s PQC claim may wrongly conclude decryption is permanently impossible, counsel immediate payment, or dismiss the chance of a future decryptor. For ESXi victims, a decryptor release remains possible if law enforcement seizes the attacker’s private keys.

Ars Technica’s “all about marketing” framing is accurate for the ESXi variant. It does not apply to the Windows variant, which is a separate technical case requiring separate analysis.

Anna Širokova, Rapid7 senior security researcher, put the psychology plainly: “Post-quantum encryption sounds a lot scarier than ‘we used AES,’ especially to non-technical decision-makers who might be evaluating whether to pay. It’s a psychological trick. They’re not worried about someone breaking the encryption a decade from now. They want payment within 72 hours.”


What “Harvest Now, Decrypt Later” Is — and Why the Windows Variant Closes That Door

“Harvest now, decrypt later” (HNDL) is a threat model where an adversary records encrypted data today and decrypts it once quantum computers are powerful enough to break classical key exchange like RSA and ECC.

In ransomware, HNDL created a theoretical recovery path: a future law enforcement seizure, or a future quantum computer, could unlock files protected by RSA key wrapping. It was never a realistic IR strategy, but it was a possibility.

ML-KEM eliminates that path entirely. There is no cracking Windows Kyber1024 today, and quantum computing will not help tomorrow either. The MLWE lattice problem has no known quantum solution.

Kaspersky’s 2026 State of Ransomware report confirms that PE32 — a separate ransomware family — also uses ML-KEM. PQC adoption in ransomware is a verified trend, not an isolated experiment.

For Windows Kyber victims the calculus is simple and hard: either your backups are intact and isolated, or you are negotiating. Shor’s algorithm theoretically threatens RSA-4096 (the ESXi variant’s key wrapping), but the one-week ransom deadline and the years-away timeline for practical quantum computers make it irrelevant to any immediate decision.


The Attacker Psychology: Why PQC Branding Helps Even When the Encryption Is Classical

Ransomware operators are rational actors. They adopt post-quantum branding because it serves their interests — not because they are committed to cryptographic accuracy.

PQC claims elevate perceived sophistication and make the threat appear permanent. Even when the implementation is inconsistent, “post-quantum encryption” changes boardroom conversations — turning an operational emergency into a perceived cryptographic dead end.

The payoff is psychological, not cryptographic. The ransom deadline is 72 hours, not a decade. Kyber’s one-week response window is engineered urgency: if victims believe files are permanently locked with no future decryptor possible, they pay faster.

The ESXi variant’s false PQC claim is a feature, not an oversight. The operators chose consistent PQC messaging across both variants knowing most victims will not commission binary reverse engineering before deciding whether to pay.

The pattern will grow. ML-KEM is an open standard with publicly available reference implementations. If Kyber succeeds, other ransomware operations will follow — and the gap between real PQC ransomware and fake PQC branding will narrow. That is how ransomware is mutating in 2026.


How to Assess Whether a Ransomware Group’s PQC Claims Are Genuine

The ransom note is not evidence. Treat PQC claims in ransom notes the same way you treat any attacker self-reporting: verify independently.

Binary reverse engineering is the only reliable method. Rapid7 established ground truth by examining actual cryptographic function calls — not the marketing text. The Windows payload checks the embedded public key against the expected Kyber1024 key size, confirming intentional implementation.

Mid-incident, commissioning full reverse engineering is rarely feasible. So the practical approach is simple: treat all ransomware as classical until proven otherwise, and make IR decisions based on backup state.
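A key-size check like the one Rapid7 describes can be turned into a cheap first-pass test an analyst can run against a suspect binary before commissioning full reverse engineering. The helper below is an added example, not Rapid7's method or the group's code: it assumes the FIPS 203 encapsulation key layout (384·k bytes of 12-bit coefficients modulo q = 3329, then a 32-byte seed), and uses a constructed sample key rather than any real one. A blob of the right length whose coefficients all decode below q is structurally consistent with an ML-KEM public key; an RSA-4096 modulus or random data is not.

```python
import random
from collections import Counter

Q = 3329                                                     # ML-KEM modulus (FIPS 203)
EK_LEN = {800: "ML-KEM-512", 1184: "ML-KEM-768", 1568: "ML-KEM-1024"}   # 384*k + 32 bytes

def decode_12bit(buf):
    """FIPS 203 ByteDecode_12: each 3 bytes hold two 12-bit coefficients.
    Returns None as soon as a coefficient is >= q (impossible in a real key)."""
    coeffs = []
    for i in range(0, len(buf), 3):
        b0, b1, b2 = buf[i], buf[i + 1], buf[i + 2]
        c0, c1 = b0 | ((b1 & 0x0F) << 8), (b1 >> 4) | (b2 << 4)
        if c0 >= Q or c1 >= Q:
            return None
        coeffs += (c0, c1)
    return coeffs

def classify_ek(blob):
    """Parameter set a blob is structurally consistent with, or None."""
    name = EK_LEN.get(len(blob))
    if name is None:
        return None
    k = (len(blob) - 32) // 384
    coeffs = decode_12bit(blob[:384 * k])
    # Zero-filled or repetitive regions also decode "validly"; a genuine key's
    # coefficients are spread uniformly mod q, so no single value should dominate.
    if coeffs is None or max(Counter(coeffs).values()) > 16:
        return None
    return name

def find_ek_candidates(data, param="ML-KEM-1024"):
    """Carve a binary image for non-overlapping blobs that pass classify_ek."""
    size = next(n for n, v in EK_LEN.items() if v == param)
    hits, off = [], 0
    while off + size <= len(data):
        if classify_ek(data[off:off + size]) == param:
            hits.append(off)
            off += size
        else:
            off += 1
    return hits

def make_sample_ek(k, seed=7):
    """Constructed, structurally valid sample (random coefficients mod q plus a random seed); not a real key."""
    rng = random.Random(seed)
    coeffs = [rng.randrange(Q) for _ in range(256 * k)]
    out = bytearray()
    for c0, c1 in zip(coeffs[0::2], coeffs[1::2]):
        out += bytes((c0 & 0xFF, (c0 >> 8) | ((c1 & 0x0F) << 4), c1 >> 4))
    return bytes(out) + bytes(rng.getrandbits(8) for _ in range(32))
```

Note that an ML-KEM-1024 ciphertext is also 1568 bytes, so length alone is ambiguous; the coefficient check is what separates a public key from a ciphertext or an RSA modulus.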

Indicators that PQC claims may be genuine:

Red flags for marketing only:

For ongoing tracking, Kaspersky’s Securelist, Rapid7 AttackerKB, and BleepingComputer are the most reliable sources as this trend develops.


Frequently Asked Questions

What is Kyber ransomware?

Kyber is a cross-platform ransomware operation first identified by Rapid7 in March 2026. It targets Windows file servers and VMware ESXi hypervisors with two distinct payloads sharing Tor-based ransom infrastructure. The Windows variant is the first confirmed production ransomware to use ML-KEM (Kyber1024), a NIST-standardised post-quantum encryption algorithm.

Is Kyber ransomware actually post-quantum, or is it marketing?

Both — depending on which variant you are dealing with. The Windows variant genuinely uses ML-KEM1024 (FIPS 203), confirmed by Rapid7’s reverse engineering. The ESXi variant uses classical ChaCha8 + RSA-4096 despite ransom notes claiming post-quantum encryption. The answer depends entirely on which variant attacked you.

What is ML-KEM and how is it different from regular encryption?

ML-KEM (Module Lattice-based Key Encapsulation Mechanism, standardised as FIPS 203 by NIST in 2024) is a post-quantum cryptographic algorithm. Unlike RSA or ECC, its security relies on lattice mathematics that quantum computers cannot efficiently solve using Shor’s algorithm. In the Kyber Windows variant, ML-KEM wraps the AES key that encrypts victim files.

Can law enforcement or researchers decrypt files encrypted by Kyber ransomware?

For ESXi variant victims: classical ChaCha8 + RSA-4096 means a decryptor release remains theoretically possible if law enforcement seizes the attacker’s private keys. For Windows variant victims: ML-KEM key wrapping means there is no known path to decryption without the attacker’s private key — no future quantum computer changes this.

What is a key encapsulation mechanism (KEM)?

A KEM is a cryptographic primitive that securely transmits a symmetric key from one party to another using public-key cryptography. The attacker’s public key wraps your AES session key; only the attacker’s private key can unwrap it. ML-KEM performs this using lattice mathematics instead of RSA.

What is “harvest now, decrypt later” and does it apply to ransomware victims?

“Harvest now, decrypt later” (HNDL) describes recording encrypted data today to decrypt it once quantum computers mature. For ransomware, this was always a speculative recovery path. ML-KEM eliminates that theoretical possibility for Windows Kyber victims — the lattice problem has no known quantum solution.

Why does the Kyber ESXi ransom note claim post-quantum encryption if it is not true?

Because false PQC claims serve the attacker’s interests. Post-quantum branding elevates perceived sophistication and accelerates payment decisions — especially under a one-week deadline. Consistent PQC messaging across both variants is a deliberate strategic choice, not an error.

Can Kyber ransomware be detected by standard antivirus tools?

The Windows variant is Rust-compiled, which some legacy antivirus and EDR tools handle poorly. Kyber also uses a custom entropy pipeline combining CryptoAPI, RDRAND, and AES-CTR DRBG that may evade entropy-based detection heuristics. EDR tools with behaviour-based detection are more reliable than signature-based antivirus.

Does PQC ransomware change whether I should pay the ransom?

No. Ransom payment decisions should be based on backup state and operational recovery timelines, not encryption method. ML-KEM closes the theoretical “future quantum decryption” path, but that path was never a realistic IR basis. If your backups are intact and isolated, prioritise recovery.

What is the difference between the Kyber ransomware group and the CRYSTALS-Kyber cryptographic algorithm?

CRYSTALS-Kyber (now standardised as ML-KEM / FIPS 203) is a NIST-approved post-quantum algorithm developed by academic researchers. The ransomware group adopted the name intentionally to imply cryptographic legitimacy. The algorithm is a legitimate security standard; the group named itself after it.

Is post-quantum ransomware a growing trend or an isolated experiment?

A growing trend. Kaspersky’s 2026 State of Ransomware report confirms a separate family (PE32) also uses ML-KEM, and Kaspersky predicted this in 2025. ML-KEM is an open standard with reference implementations, lowering the adoption barrier. Kyber is a milestone, not an anomaly.
