Security researchers at Rapid7 confirmed this week that a ransomware group’s Windows variant wraps its AES-256 file-encryption keys with ML-KEM1024 — a post-quantum key encapsulation mechanism. My first reaction when I read that? A long, tired exhale. Because as someone who spends most of his time reviewing AI security toolkits and telling you what actually works versus what’s just marketing noise, this is the kind of development that reframes a lot of conversations I’ve been having.
Let me be honest with you: most of the “quantum-safe” messaging you see in security product pitches right now is premature. Vendors slap post-quantum labels on things to sound ahead of the curve. So there’s a grim irony in the fact that the first confirmed real-world deployment of post-quantum cryptography in an active threat isn’t coming from a well-funded enterprise security vendor. It’s coming from ransomware operators.
What Actually Happened Here
A relatively new ransomware family has been confirmed to use post-quantum cryptography in its encryption chain. Specifically, it uses ML-KEM1024 alongside AES-256 for file encryption. ML-KEM1024 is a key encapsulation mechanism standardized by NIST as part of its post-quantum cryptography project. The ransomware uses it to wrap the AES-256 keys that actually scramble your files.
This is worth unpacking carefully, because there’s a nuance that some early commentary glossed over. AES-256 on its own is already considered quantum-resistant for symmetric encryption — a sufficiently powerful quantum computer doesn’t break AES-256 the way it would break RSA or elliptic curve cryptography. The real vulnerability in traditional ransomware has always been in the asymmetric key exchange layer, where an attacker’s public key is used to protect the session key. That’s the layer ML-KEM1024 now covers.
So what this ransomware group has done is close a theoretical future gap. They’ve built a system where even if quantum computers capable of breaking classical asymmetric cryptography become available, a victim’s encrypted files stay locked. The decryption key remains protected by an algorithm designed to survive that threat.
Why This Matters for the Toolkit Space
Here at agntbox, we review AI and security toolkits. We tell you what’s solid, what’s overhyped, and what you should actually spend money on. And this development puts a spotlight on something I’ve been skeptical about for a while: the gap between how security vendors talk about post-quantum readiness and how prepared most organizations actually are.
A lot of the AI-assisted security tools I’ve tested this year include threat detection and response features. Some of them are genuinely useful. But almost none of them are built with post-quantum cryptographic assumptions in mind — either for their own internal communications or for the threat models they’re designed to detect. That’s a problem that just got more visible.
If ransomware operators are already deploying ML-KEM1024 in production attacks, the security tools meant to detect, analyze, and respond to those attacks need to understand what they’re looking at. That means:
- Threat intelligence feeds need to track post-quantum algorithm usage as an indicator of sophistication
- Incident response toolkits need updated cryptographic analysis capabilities
- Backup and recovery strategies need to account for the fact that “wait for a decryptor” is an even less viable option when the encryption is quantum-safe
The Hype Problem, Flipped
There’s a certain dark comedy in this situation. For years, post-quantum cryptography has been a selling point used to justify premium pricing on enterprise tools that most organizations don’t urgently need yet. The quantum threat to current encryption is real but not immediate — we’re likely years away from cryptographically relevant quantum computers.
But ransomware operators aren’t waiting for the threat to be immediate. They’re building for longevity. Encrypting files today with a system that will still be unbreakable in ten years is a rational move if you’re running a criminal enterprise that expects to still be operating — or whose victims might still be sitting on encrypted backups hoping for a future decryptor.
That’s a strategic calculation. And it’s a more sophisticated one than I see from a lot of the legitimate security vendors I review.
What You Should Actually Do
If you’re evaluating security toolkits right now, start asking vendors direct questions about their post-quantum roadmap — not as a future-proofing checkbox, but as a signal of how seriously they’re tracking the threat space. A vendor who can’t answer that question clearly in 2025 is behind.
And if you’re running backups as your primary ransomware defense strategy, that remains solid advice. But this development is a reminder that the window for “we’ll just restore from backup” keeps narrowing as attackers get more methodical. Solid, tested, offline backups. That’s still the most honest recommendation I can give you.
đź•’ Published: