A new ransomware family, called Kyber, is leveraging post-quantum cryptography in its operations to hype the strength of its encryption, claims the Ars Technica report published on 23 April 2026. According to Rapid7, the Windows variant uses ML-KEM1024, the highest strength version of the PQC standard, to conceal the AES-256 key used to encrypt victims’ data, though analyses suggest the underlying ransomware often relies on RSA with 4096-bit keys in some variants.
Brett Callow of Emsisoft described the use or claimed use of ML-KEM as a branding gimmick, noting that implementing it required relatively little work. The piece explains that the marketing angle is aimed at persuading victims to pay quickly, as the threat actors rely on fear rather than a demonstrable quantum threat. It also highlights that, even if PQC is invoked, quantum computers capable of breaking current schemes like RSA or ECC are still years away, with Shor’s algorithm referenced as a distant threat.
Overall, the article portrays Kyber as a case of marketing-driven hype rather than a definitive breakthrough in ransomware cryptography.