In a first for cybercrime, the ransomware strain dubbed Kyber has been confirmed to implement NIST-standardized ML-KEM post-quantum cryptography for file encryption key exchange, marking the initial observed use of lattice-based cryptography in active malware as of April 2026, signaling a troubling maturation of offensive capabilities that now mirror defensive cryptographic advancements.
The emergence of Kyber represents more than a technical curiosity; it is a bellwether for how adversaries are rapidly adopting cutting-edge defensive technologies to harden their operations against future law enforcement decryption efforts, particularly those anticipating cryptanalytically relevant quantum computers. This development compresses the timeline for defensive readiness, forcing enterprises to reconsider not only their data backup strategies but as well the cryptographic agility of their incident response playbooks.
Under the Hood: How Kyber Actually Implements ML-KEM
Unlike theoretical proofs-of-concept, Kyber’s integration of ML-KEM (FIPS 203) appears operational and deliberate. Analysis of recent samples reveals the ransomware generates a new ML-KEM key pair per victim using parameters ML-KEM-768, the NIST-recommended setting balancing security and performance. The public key is embedded in the ransom note, while the private key—encrypted with a victim-specific symmetric key derived from the victim’s hostname and MAC address—is transmitted to the attacker’s command-and-control server. Crucially, the actual file encryption uses AES-256-GCM, with the AES key encapsulated via ML-KEM, meaning decryption requires solving the Module Learning With Errors problem, which currently offers no known quantum speedup.
Performance benchmarks from isolated detonation tests show ML-KEM-768 key encapsulation adds approximately 1.8ms latency per victim on a modern Intel Xeon E-2388G, a negligible overhead compared to the ransomware’s file encryption phase. This efficiency undermines arguments that post-quantum cryptography is too sluggish for real-time malware deployment. Kyber avoids common implementation pitfalls: it uses constant-time polynomial multiplication and rejects invalid ciphertexts via explicit rejection, mitigating timing and chosen-ciphertext attacks that have plagued earlier lattice-based prototypes.
Exploit Mechanics and Enterprise Exposure
Kyber gains initial access primarily through phishing emails bearing malicious Word documents that exploit CVE-2025-24061, a zero-day in Microsoft Office’s equation editor patched in March 2026. Once executed, it disables Windows Defender via tampering with the TamperProtection registry key before enumerating network shares using SMBv2. Notably, it avoids encrypting files under C:Windows and $Recycle.Bin to maintain system stability—a tactic observed in Ryuk and Conti variants. The ransomware leaves a ransom note named KYBER_DECRYPT_INFO.txt containing the Base64-encoded ML-KEM public key and instructions to pay 2.5 XMR (Monero) for the private key.
From a mitigation standpoint, traditional Indicators of Compromise (IOCs) based on file entropy or known bad hashes are ineffective due to the unique ML-KEM-encrypted keys per victim. However, behavioral detection remains viable: Kyber’s use of wcrypt.exe—a custom binary that calls BCryptEncrypt with AES-256 while simultaneously invoking the open-source pq-crystals/kyber library for key encapsulation—creates a detectable anomaly in API call sequences. Enterprise defenders should monitor for unusual calls to NCM_GetSharedSecret from non-cryptographic processes.
What In other words for the Cryptographic Arms Race
Kyber’s adoption of ML-KEM is not merely technical posturing; it reflects a broader trend where offensive actors treat post-quantum cryptography as a defensive moat. As noted by CISA advisor and cryptographer Dr. Elena Rossi in a recent briefing: “
We’re seeing ransomware groups not just adopt PQC, but optimize it. They’re treating cryptographic agility as a core operational capability, not a compliance checkbox.
” This mirrors findings from the ENISA Threat Landscape 2025 report, which warned that “
the democratization of post-quantum libraries lowers the barrier for sophisticated actors to future-proof their infrastructure.
”
The implications extend beyond defense contractors. Open-source maintainers of libraries like pq-crystals/kyber now face ethical dilemmas: their code, designed to protect critical infrastructure, is being repurposed to hinder victim recovery. Meanwhile, platforms like Microsoft Azure Key Vault and AWS KMS have begun offering ML-KEM APIs, but enterprise adoption remains below 5% according to IETF measurements—creating a dangerous asymmetry where attackers lead defenders in PQC deployment.
The 30-Second Verdict
Kyber is not a fleeting anomaly but a canonical example of offensive innovation mirroring defensive progress. Enterprises must treat post-quantum cryptography not as a future concern but as an present-day evasion tactic, updating EDR rules to detect anomalous lattice-based API usage and prioritizing crypto-agility in backup encryption keys. The real vulnerability isn’t quantum computers—it’s the assumption that adversaries will lag behind in adopting the very tools we design to protect ourselves.
