Ransomware Gangs Are Now Preparing for a Threat That Doesn’t Exist Yet

Updated May 1, 2026

Imagine a bank robber who, before cracking your safe, welds a second door on it — one that no locksmith alive can open. That’s essentially what a ransomware group has done by wrapping their encryption in post-quantum cryptography. The threat isn’t from a quantum computer sitting in some lab today. The threat is that they’re already ready for one that doesn’t exist yet. And that should bother you more than the ransomware itself.

What Actually Happened

Security researchers at Rapid7 confirmed this week that a relatively new ransomware family is using ML-KEM1024 — a post-quantum key encapsulation mechanism — to wrap its AES-256 file-encryption keys on Windows systems. In plain terms: the group is using a quantum-safe algorithm to protect the encryption keys that lock your files. Even if you somehow got your hands on a future quantum computer powerful enough to break classical encryption, you still couldn’t use it to recover those keys.

This is a first. No ransomware family had been confirmed to use post-quantum cryptography before this. The group is also, notably, using this as a marketing angle — hyping the strength of their encryption to potential affiliates and victims alike. Ransomware-as-a-service has always had a sales pitch. Now that pitch includes a spec sheet.

Why This Is More Than a Technical Footnote

Most ransomware coverage focuses on who got hit, how much they paid, and whether backups saved them. This story is different because it’s about trajectory, not incident. A criminal group has looked at where cryptography is heading and made a deliberate engineering decision to get ahead of it. That’s not opportunism. That’s a roadmap.

The timing isn’t random either. Forrester has predicted that quantum security spending will exceed 5% of total IT security budgets by 2026, as organizations start preparing their defenses for a post-quantum world. The defenders are spending. The attackers noticed. They’re now spending too — or at least, investing the development time.

What this tells us is that the ransomware ecosystem has matured to the point where threat actors are doing forward-looking cryptographic engineering. They’re not just buying off-the-shelf tools and pointing them at targets. They’re reading the same NIST standardization documents your security team is reading — and acting on them faster.

The “Harvest Now, Decrypt Later” Problem Gets Worse

There’s a known attack strategy in the quantum threat space called “harvest now, decrypt later.” Nation-state actors and well-resourced groups are believed to be collecting encrypted data today, banking on the ability to decrypt it once quantum computing matures. The classical encryption that ransomware has used to protect its keys was theoretically exposed to the same idea in reverse — meaning a future quantum computer could, in theory, help victims recover keys without paying.

That window, however theoretical, is now closed for victims of this ransomware family. By using ML-KEM1024, the group has ensured that even a future quantum-capable defender can’t retroactively break the encryption protecting their keys. The asymmetry that has always favored attackers in ransomware just got a little more lopsided.

What This Means for AI-Assisted Security Tools

From where I sit reviewing AI security tools daily, this development is a stress test for a lot of products that are still catching up to classical threats, let alone post-quantum ones. Most AI-driven threat detection tools are trained on behavioral patterns — file encryption rates, lateral movement, command-and-control signatures. The cryptographic method used doesn’t change those behaviors. ML-KEM1024 doesn’t make ransomware move differently through a network.
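An added example, not from the original article or from Rapid7: a minimal form of the file-encryption-rate signal mentioned above, which flags a process that rewrites many distinct files with high-entropy content in a short window. Nothing in its input depends on how the file keys were wrapped, so it behaves the same whether the wrapper is classical or ML-KEM1024. The event tuple layout, the thresholds and the sample telemetry are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

# Assumed thresholds for this illustration, not tuned values.
ENTROPY_MIN = 7.5   # bits per byte; content that looks encrypted
WINDOW_S = 10.0     # sliding window length in seconds
BURST_MIN = 20      # distinct files rewritten inside one window

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_bursts(events):
    """Return pids that wrote high-entropy content to >= BURST_MIN distinct
    paths within any WINDOW_S-second window. events: (ts, pid, path, sample)."""
    recent = defaultdict(deque)  # pid -> (ts, path) of recent suspicious writes
    flagged = set()
    for ts, pid, path, sample in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(sample) < ENTROPY_MIN:
            continue
        q = recent[pid]
        q.append((ts, path))
        while ts - q[0][0] > WINDOW_S:  # drop writes older than the window
            q.popleft()
        if len({p for _, p in q}) >= BURST_MIN:
            flagged.add(pid)
    return sorted(flagged)

def pseudo_ciphertext(seed: int, size: int = 4096) -> bytes:
    """Deterministic stand-in for cipher output (SHA-256 over a counter)."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(size // 32))

def constructed_events():
    """Constructed telemetry: pid 100 saves text, pid 200 bulk-rewrites
    files, pid 300 writes a single high-entropy archive."""
    text = b"quarterly report draft, revision notes\n" * 100
    ev = [(i * 30.0, 100, f"C:/docs/report{i}.txt", text) for i in range(5)]
    ev += [(50.0 + i * 0.2, 200, f"C:/docs/file{i}.docx", pseudo_ciphertext(i))
           for i in range(40)]
    ev.append((55.0, 300, "D:/backup/archive.zip", pseudo_ciphertext(999)))
    return ev

if __name__ == "__main__":
    print(flag_bursts(constructed_events()))
```

The single archive write from pid 300 is high-entropy but not a burst, which is why the rule counts distinct paths per window instead of alerting on entropy alone.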

So in the short term, detection tools aren’t necessarily behind. But the recovery and negotiation calculus changes. Any tool or service that promises decryption assistance, key recovery, or cryptographic analysis as part of its incident response offering needs to be honest about what post-quantum encryption means for those capabilities. Some aren’t being honest about that yet.

The Uncomfortable Takeaway

Criminal organizations are now doing proactive cryptographic engineering. They’re not reacting to quantum computing — they’re preparing for it before most enterprise security teams have finished their first post-quantum readiness assessment. That gap is the real story here.

The ransomware group using ML-KEM1024 probably doesn’t have a quantum computer. Neither do their victims. But they’ve correctly identified that the arms race is moving in that direction, and they’ve placed their bet early. Whether that bet pays off in five years or fifteen, they’ve already signaled something important: the people trying to extort you are thinking further ahead than you might be comfortable admitting.

That’s not a reason to panic. It’s a reason to stop treating post-quantum migration as a future problem and start treating it as a current one.

Written by Jake Chen

AI technology analyst covering agent platforms since 2021. Tested 40+ agent frameworks. Regular contributor to AI industry publications.
