What if the encryption protecting your files from ransomware attackers is already weaker than the encryption the attackers are using against you?
That’s not a hypothetical anymore. Security researchers at Rapid7 confirmed this week that a ransomware family is now using post-quantum cryptography — specifically ML-KEM1024 — to wrap its AES-256 file-encryption keys. It’s the first confirmed case of a ransomware strain deploying post-quantum key encapsulation in the wild, and as someone who spends most of their time thinking about how bots and automated systems handle cryptographic operations, I find this development genuinely unsettling.
What ML-KEM1024 Actually Does Here
Let’s be precise about the mechanics, because the framing matters. AES-256 itself is not the new part. Symmetric encryption like AES has always been considered reasonably solid against quantum attacks — a quantum computer running Grover’s algorithm effectively halves the key strength, dropping AES-256 to roughly 128-bit security, which is still not trivially broken.
The real vulnerability in traditional ransomware has always been the key exchange layer. Attackers generate a symmetric key to encrypt your files, then encrypt that key using an asymmetric algorithm like RSA so only they can recover it. RSA and elliptic-curve cryptography are exactly what quantum computers — specifically Shor’s algorithm — would shred. That’s the seam this ransomware group is now reinforcing.
By wrapping the AES-256 key with ML-KEM1024 instead of RSA, the attackers are using a NIST-standardized post-quantum key encapsulation mechanism. Even a sufficiently powerful quantum computer couldn’t recover the symmetric key from the ciphertext. Your files stay locked. Their use stays intact.
Why Bot Builders Should Pay Attention
If you’re building bots — automation agents, scraping pipelines, API integrations, anything that handles credentials or sensitive data in transit — this shift should recalibrate how you think about your own cryptographic choices.
Most bot infrastructure today relies on TLS for transport security and standard asymmetric algorithms for any key exchange that happens at the application layer. That’s fine for now. Quantum computers capable of breaking RSA-2048 at scale don’t exist yet. But the ransomware group’s move signals something important: threat actors are not waiting for quantum hardware to mature before adopting post-quantum standards. They’re doing it today, partly for the marketing value of claiming “quantum-safe” encryption, and partly because the algorithms are already standardized, available in libraries, and not meaningfully harder to implement.
That asymmetry should bother you. Defenders tend to move slowly — legacy systems, compatibility requirements, procurement cycles. Attackers move when the tools are ready. The tools are ready.
The “Hype” Angle Is Real, But Incomplete
Some commentary around this story has leaned toward dismissal — the argument being that ransomware groups are using post-quantum crypto mostly as a marketing claim to justify higher ransom demands, and that the practical threat is overstated since quantum computers can’t break RSA today anyway.
That reading is fair as far as it goes. There is a real element of threat-actor branding here. Claiming your ransomware is “quantum-safe” sounds scarier to a victim negotiating a ransom payment.
But the dismissal misses the longer arc. The fact that a criminal organization has successfully integrated ML-KEM1024 into a working ransomware payload means the implementation barrier is low. Other groups will copy it. In two years, post-quantum key encapsulation in ransomware will be unremarkable. The first confirmed case is always the one worth tracking.
What This Means for Your Stack
If you’re building bots or automated systems that handle anything sensitive, here’s a practical checklist worth running through:
- Audit which asymmetric algorithms your bots use for key exchange or signing. RSA and ECDH are the ones to flag.
- Check whether the libraries you depend on have post-quantum support. OpenSSL 3.x and liboqs are worth knowing about.
- If you’re storing encrypted data long-term, consider that data encrypted today with RSA could theoretically be decrypted later once quantum hardware matures — a “harvest now, decrypt later” attack.
- Watch NIST’s post-quantum standards. ML-KEM (formerly CRYSTALS-Kyber) is already finalized. Migration paths exist.
Nobody is saying rewrite everything this week. But the ransomware space just demonstrated that post-quantum cryptography is no longer a future concern being debated in academic papers. It’s in production malware. The attackers have already made their migration decision. The question is whether your systems will catch up before it matters.
For bot builders specifically, cryptographic hygiene has always been easy to defer. This is a good moment to stop deferring it.
🕒 Published: