Agent 101

Ransomware Got a Quantum Upgrade, and That’s a Problem for All of Us

Updated Apr 27, 2026

Cybercriminals just beat the security industry to one of its most important milestones, and that should worry everyone.

For years, the conversation around quantum computing and encryption has felt abstract — something for researchers in lab coats to sort out before it became anyone else’s problem. But a newly confirmed ransomware family has changed that timeline in a very uncomfortable way. For the first time ever, a ransomware group is using quantum-safe encryption to lock victims’ files. The bad guys got there first.

Wait, What Even Is Quantum-Safe Encryption?

Let’s back up for a second. Regular encryption — the kind that protects your bank account, your emails, and yes, the files on your computer — works because today’s computers would take an impossibly long time to crack it. We’re talking millions of years. So practically speaking, it’s safe.

Quantum computers change that equation. A powerful enough quantum machine could theoretically crack today’s standard encryption in hours or even minutes. That’s not happening tomorrow, but it’s coming. So researchers have been developing a new generation of encryption algorithms specifically designed to hold up even against quantum attacks. These are called post-quantum or quantum-safe algorithms.

The idea was that governments, banks, and tech companies would adopt these new algorithms to stay ahead of the threat. What nobody expected — or at least nobody wanted to say out loud — was that ransomware gangs might get there first.

What the Researchers Actually Found

Security researchers at Rapid7 confirmed that a relatively new ransomware family’s Windows variant wraps its AES-256 file-encryption keys with ML-KEM-1024. That’s a mouthful, so here’s the plain-English version: the ransomware uses a standard strong encryption method to scramble your files, and then it protects the key to those files using a quantum-safe algorithm called ML-KEM-1024.

ML-KEM-1024 is one of the post-quantum cryptography standards that the security community has been developing as a defense against future quantum attacks. The ransomware group essentially took a tool designed to protect people and flipped it into a weapon.

This is the first confirmed case of any ransomware family doing this. And while the group behind it appears to be relatively new, the technical sophistication here is not something to brush off.

Why This Matters Even If You’ve Never Heard of ML-KEM

Here’s what this means in practical terms. When ransomware encrypts your files, the hope — slim as it often is — is that researchers might eventually find a weakness in the encryption and release a free decryption tool. That has happened before. Victims have gotten their files back without paying.

With quantum-safe encryption in the mix, that window gets much smaller. The encryption is specifically designed to resist not just today’s computers but tomorrow’s most powerful ones too. If the ransomware group holds the only key, and that key is protected by quantum-safe algorithms, the math is not in the victim’s favor.

For everyday people, this is a reminder that ransomware isn’t just a problem for big corporations. It hits hospitals, schools, small businesses, and individuals. The stronger the encryption these groups use, the harder recovery becomes.

The Security Industry Is Already Playing Catch-Up

Forrester’s predictions indicate that quantum security spending will exceed 5% of total IT security budgets by 2026, as organizations prepare for this exact kind of threat. That number tells you two things: the industry knows this is coming, and most organizations are still in the preparation phase rather than the ready phase.

The gap between “preparing” and “ready” is exactly where ransomware groups like this one are setting up shop.

Post-quantum cryptography solutions exist. The National Institute of Standards and Technology finalized several post-quantum standards recently, and ML-KEM is actually one of them — which is precisely why a ransomware group could get their hands on it. These algorithms are public by design, because good cryptography doesn’t rely on secrecy of the method, only secrecy of the key. The problem is that defenders and attackers have access to the same tools.

So What Should You Actually Do?

  • Back up your files regularly, and keep at least one backup completely offline. No encryption can touch what isn’t connected.
  • Keep your software updated. Most ransomware still gets in through known vulnerabilities that patches already fix.
  • If you run a business, start asking your IT team or vendors where they stand on post-quantum readiness. The question alone will tell you a lot.

The quantum future arrived in an unexpected place first. That’s not a reason to panic, but it is a very good reason to stop treating post-quantum security as a distant, theoretical concern. Someone out there already isn’t.

Written by Jake Chen

AI educator passionate about making complex agent technology accessible. Created online courses reaching 10,000+ students.
