Apr 23, 2026
A New Ransomware Gang Is Using Post-Quantum Encryption—Their First Victim Is a US Defense Contractor
Kyber ransomware deploys two variants simultaneously: a Rust-based Windows build using Kyber1024 post-quantum key encapsulation, and a Linux/ESXi build that encrypts virtual machine datastores. Rapid7 discovered the operation during incident response at a multibillion-dollar defense and IT services firm.
What Rapid7 Found
Cybersecurity firm Rapid7 discovered the Kyber ransomware operation in March 2026 during incident response activities. The attackers had deployed two distinct ransomware variants simultaneously on a single network belonging to a multibillion-dollar American defense contractor and IT services provider.
Both variants shared identical campaign IDs and communicated through the same Tor-based ransom infrastructure, confirming they came from the same operator. The simultaneous deployment was designed for maximum damage: encrypt every server, every virtual machine and every backup at the same time.
Why Post-Quantum Encryption Matters
Standard ransomware uses RSA or elliptic curve cryptography to protect the encryption keys that lock your files. These algorithms are secure against today's computers but theoretically vulnerable to future quantum computers capable of breaking them. Kyber ransomware gets ahead of that timeline.
The Windows variant implements Kyber1024, a lattice-based key encapsulation mechanism that NIST standardized in 2024 (as ML-KEM, FIPS 203) specifically because it resists quantum attacks. Combined with X25519 for classical protection and AES-CTR for bulk file encryption, the scheme is a hybrid construction in which the file key is protected by both key agreements at once: a future quantum computer that breaks X25519 still faces Kyber1024, and an unexpected weakness in Kyber1024 still leaves X25519 in place.
In practical terms, this means that even if a victim could somehow build or access a quantum computer in the future, the encrypted files would remain locked. Researchers cannot crack the encryption today, and quantum computing will not help them crack it tomorrow.
Two Variants, One Attack
Kyber deploys two purpose-built variants for different infrastructure:
- Windows variant (Rust): Written in Rust, it implements Kyber1024 and X25519 for key protection, AES-CTR for file encryption, and experimental Hyper-V shutdown capabilities. Encrypted files receive the ".#~~~" extension. It terminates services, deletes shadow copies, and clears event logs before encrypting.
- Linux/ESXi variant: Targets VMware ESXi hypervisors. It enumerates all virtual machines, shuts them down, and encrypts the datastore files that contain the VM images. Files get the ".xhsyw" extension. Despite the group's branding, this variant uses ChaCha8 and RSA-4096 instead of Kyber1024.
The ESXi variant's use of classical cryptography instead of Kyber1024 is notable. Rapid7 found that the group's "post-quantum" marketing is partially false: only the Windows variant actually uses quantum-resistant algorithms. The ESXi variant relies on the same encryption that every other ransomware gang uses.
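The anti-recovery sequence described for the Windows variant (service termination, shadow copy deletion, event log clearing) and the two file extensions are the observables a defender can alert on before and after encryption. The following detection logic is an added example, not code from Rapid7 or from the ransomware; it assumes a constructed process-creation log format and maps each behaviour to the Windows commands commonly used for it, since the article does not list the sample's exact commands.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviours the article attributes to the Windows variant, keyed to the commands commonly
# used for them (assumption: the article does not list the sample's own command lines).
SIGNATURES = {
    "shadow_copy_deletion": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    "event_log_clearing": re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "service_termination": re.compile(r"\b(net|sc)(\.exe)?\s+stop\b|\btaskkill(\.exe)?\s", re.I),
}
RANSOM_EXTENSIONS = (".#~~~", ".xhsyw")  # Windows variant, ESXi variant (from the article)
LINE_RX = re.compile(r"(\S+) host=(\S+) pid=(\d+) cmd=(.*)$")

# Constructed sample log (not Rapid7 data): "<ISO ts> host=<name> pid=<n> cmd=<command line>"
SAMPLE_LOG = [
    "2026-03-12T09:41:02 host=fs01 pid=4120 cmd=net stop MSSQLSERVER /y",
    "2026-03-12T09:41:09 host=fs01 pid=4133 cmd=vssadmin.exe delete shadows /all /quiet",
    "2026-03-12T09:41:15 host=fs01 pid=4140 cmd=wevtutil cl Security",
    "2026-03-12T09:55:00 host=web02 pid=880 cmd=wevtutil cl Application",  # lone clear: not flagged
]

def parse_line(line):
    m = LINE_RX.match(line)
    if not m:
        return None
    ts, host, pid, cmd = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host, "pid": int(pid), "cmd": cmd}

def classify(cmd):
    # Names of the anti-recovery behaviours a command line matches.
    return [name for name, rx in SIGNATURES.items() if rx.search(cmd)]

def find_anti_recovery_chains(lines, window=timedelta(minutes=10), min_behaviours=2):
    """Hosts on which >= min_behaviours distinct behaviours occurred inside one window.
    One event alone (an admin clearing a log) is noise; the chain is the signal."""
    per_host = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        per_host[rec["host"]].extend((rec["ts"], tag) for tag in classify(rec["cmd"]))
    alerts = {}
    for host, events in per_host.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            seen = {tag for t, tag in events[i:] if t - t0 <= window}
            if len(seen) >= min_behaviours:
                alerts[host] = sorted(seen)
                break
    return alerts

def ransom_extension_hits(paths):
    # Paths carrying either variant's extension, for file share or datastore sweeps.
    return [p for p in paths if p.endswith(RANSOM_EXTENSIONS)]
```

Tune the window and threshold to your environment; the point is that the chain of distinct behaviours on one host within minutes, not any single command, is what distinguishes the pre-encryption stage from routine administration.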
What This Signals for the Ransomware Landscape
Kyber is the first known ransomware operation to deploy NIST-standardized post-quantum cryptography in production. That matters for two reasons:
- It eliminates the "store now, decrypt later" hope. Some victims pay ransoms years after an attack once they accept the data is unrecoverable. Others hold encrypted drives hoping that future breakthroughs will make decryption possible. Kyber1024 closes that door.
- It raises the bar for incident response. Security researchers who analyze ransomware samples to find implementation flaws that enable free decryptors will find the Kyber1024 implementation harder to break. The algorithm was designed to resist attacks from both classical and large-scale quantum computers, so a decryptor can only come from a mistake in how the keys are generated, handled or stored, not from the mathematics.
If Kyber succeeds, other ransomware operations will follow. The implementation is open source, well documented, and adds minimal overhead. Expect post-quantum encryption to become a standard feature in ransomware toolkits within the next year.
Who Is at Risk
Kyber's target profile is clear from its first known victim: large enterprises running mixed Windows and VMware infrastructure. Defense contractors and IT services firms are primary targets, but the dual-variant approach works against any organization with both Windows servers and VMware ESXi hypervisors.
The aggressive anti-recovery measures, including backup deletion, service termination, and log clearing, suggest the operators assume their victims have incident response capabilities. This is ransomware built to take down organizations that think they are prepared.
What Organizations Should Do
The defenses against Kyber are the same defenses that work against any sophisticated ransomware operation, with one critical addition:
- Air-gapped backups. Kyber deletes shadow copies and online backups. If your backups are network-accessible, they will be encrypted alongside everything else.
- ESXi hardening. Restrict management interface access, disable SSH when not actively in use, and keep hypervisors on isolated management VLANs.
- Rust binary detection. The Windows variant is written in Rust, which produces binaries that some legacy antivirus engines handle poorly. Ensure your endpoint detection platform has been tested against Rust-compiled malware.
- Accept that decryption is not coming. Do not plan your recovery around the hope that researchers will crack the encryption. Kyber1024 was standardized by NIST because no known classical or quantum attack breaks it. Your recovery plan must assume encrypted files are permanently lost.