Now, even ransomware is using post-quantum cryptography

Kyber, as the ransomware is called, has been around since at least last September and quickly attracted attention for the claim that it used ML-KEM, short for Module Lattice-based Key Encapsulation Mechanism and is a standard shepherded by the National Institute of Standards and Technology. The Kyber ransomware name comes from the alternate name for ML-KEM, which is also Kyber. For the rest of the article, Kyber refers to the ransomware; the algorithm is referred to as ML-KEM. ML-KEM is an asymmetric encryption method for exchanging keys. It involves problems based on lattices, a structure in mathematics that quantum computers have no advantage in solving over classic computing. ML-KEM is designed to replace Elliptic Curve and RSA cryptosystems, both of which are based on problems that quantum computers with sufficient strength can tackle. On Tuesday, security firm Rapid said it reverse-engineered Kyber and found that the Windows variant used ML-KEM1024, the highest strength version of the PQC (post-quantum cryptography) standard. Kyber was using ML-KEM to conceal the key used to encrypt victims’ data with AES-256, a symmetric cryptographic standard that is also quantum-proof. (As reported previously, AES-128 would have sufficed in withstanding a quantum attack.) Brett Callow, a threat analyst at security firm Emsisoft, said it’s the first confirmed case of ransomware using PQC. There is no practical benefit for Kyber developers to have chosen a PQC key-exchange algorithm.