Ransomware Got a Quantum Upgrade and Your Decryption Key Is Already Obsolete

Updated May 3, 2026

Picture this: your company’s files are locked. The ransom note is on your screen. Your incident response team is scrambling, and someone in the back of the room quietly asks, “Can we just wait for a quantum computer to crack the key?” The answer, as of right now, is no. A ransomware group has already thought of that.

Security researchers at Rapid7 confirmed this week that a relatively new ransomware family has become the first confirmed to use post-quantum cryptography in its encryption scheme. Specifically, the Windows variant wraps its AES-256 file-encryption keys with ML-KEM1024 — a post-quantum key encapsulation mechanism standardized by NIST. This is not a theoretical warning from a conference slide deck. This is deployed, in-the-wild malware doing it right now.

What ML-KEM1024 Actually Means Here

Let me be direct about the technical picture, because there’s a lot of noise around this story already.

AES-256 on its own is already considered quantum-resistant for file encryption. Symmetric algorithms don’t fall apart the same way asymmetric ones do when a sufficiently powerful quantum computer arrives. The real vulnerability in traditional ransomware has always been the asymmetric layer — the part that protects the symmetric key itself. That’s where RSA and elliptic curve cryptography live, and that’s exactly what a future quantum computer could theoretically break.

ML-KEM1024 plugs that hole. By wrapping the AES-256 key in a post-quantum key encapsulation mechanism, this ransomware group has closed the one door that future quantum decryption might have opened. The attackers hold the only key that can unwrap your encryption key, and no quantum computer on the horizon changes that math.

So yes, some commentators online are pointing out that “all ransomware is already quantum-safe because AES-256 is quantum-safe.” That’s technically true at the file layer. But it misses the point entirely. The threat model for ransomware victims has always included the slim hope that law enforcement or researchers might someday recover or reconstruct keys. Post-quantum wrapping makes that path significantly harder to walk.

Why a Ransomware Group Is Ahead of Most Enterprise Security Teams

Here’s what actually bothers me about this story, and why I think it deserves more attention than it’s getting in the “well, actually” corners of the internet.

Most organizations are nowhere near post-quantum readiness. NIST finalized its first set of post-quantum cryptographic standards in 2024. Adoption across enterprise software, VPNs, and security tooling is still early and uneven. The gap between “standard published” and “standard deployed everywhere” is measured in years, sometimes decades.

A ransomware crew — not a nation-state, not a well-funded research lab — has already shipped a production implementation of ML-KEM1024 into active malware. That’s a meaningful signal about where the criminal ecosystem is heading. These groups are not waiting for the quantum threat to materialize. They’re building infrastructure today that will hold up against whatever decryption capabilities emerge tomorrow.

The “Hype” Angle Is Real, But Don’t Dismiss the Substance

Some researchers have noted that part of this move is marketing — that the ransomware group is using “quantum-safe” as a selling point to potential affiliates and as psychological pressure on victims. That framing is probably accurate. Ransomware-as-a-service operations compete for affiliates, and technical credibility is part of that pitch.

But calling it hype doesn’t make the implementation fake. Rapid7 confirmed the technical details. ML-KEM1024 is in the code. The marketing angle and the technical reality are not mutually exclusive, and treating this as pure PR spin would be a mistake.

What This Means for Defenders

For most organizations, the immediate practical impact of this development is limited. You’re not going to decrypt your way out of a ransomware infection with a quantum computer this year or next. The real takeaway is about trajectory.

  • Ransomware groups are actively tracking and adopting post-quantum standards faster than many defenders are.
  • The window for “harvest now, decrypt later” attacks on ransomware key material is closing.
  • Any incident response playbook that includes “maybe we can recover keys later” needs to be updated.

The criminal ecosystem has a long history of adopting new tools quickly when those tools serve their financial interests. Post-quantum cryptography serves their interests very directly: it makes their product harder to break and their leverage over victims more durable.

Defenders who are still treating post-quantum migration as a distant, theoretical concern should look at this story and recalibrate. The other side already has.

Written by Jake Chen

AI technology analyst covering agent platforms since 2021. Tested 40+ agent frameworks. Regular contributor to AI industry publications.
