In a first, a ransomware family is confirmed to be quantum-safe

Source

Ars Technica

TL;DR

AI Generated

A new ransomware family named Kyber claims to be quantum-safe by using ML-KEM encryption, a post-quantum cryptography standard. This encryption method is designed to be resistant to attacks by quantum computers, unlike traditional methods like Elliptic Curve and RSA. Security firm Rapid7 confirmed that Kyber uses the highest strength version of ML-KEM to encrypt victims' data with AES-256, making it the first known case of ransomware utilizing post-quantum cryptography. This development highlights the evolving tactics of cybercriminals to enhance the security of their malicious activities.

Similar Articles

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Security firm Checkmarx has been targeted in a series of supply-chain attacks over the past six weeks, with malware being pushed to customers through compromised accounts. The attacks began with the breach of the Trivy vulnerability scanner, leading to malware being distributed to Checkmarx users. Checkmarx's GitHub account was also compromised, leading to the dissemination of malware to its users. The company faced additional malware pushes, indicating ongoing security challenges. A ransomware group known as Lapsus$ recently dumped Checkmarx's private data on the dark web, suggesting persistent access by attackers.

Ars Technica
Ransomware accidentally destroys all files larger than 128KB, preventing decryption — VECT code likely partly vibe coded with AI or used an old code base, security researchers suggest

The VECT ransomware, discovered in December 2025, contains a critical bug that turns it into a wiper, destroying files larger than 128KB and preventing decryption. Check Point Research found that the ransomware's flawed programming causes irreversible damage to encrypted files, rendering payment to unlock data ineffective. The ransomware's code also exhibits various other issues, leading researchers to speculate that it may have been partly generated with AI or based on outdated code. Despite these flaws, the group behind VECT appears sophisticated, with multi-platform capabilities and partnerships with other threat actors. The researchers warn that the group could potentially fix these issues and release a more effective version in the future, leveraging its existing distribution system to infect more systems.

Tom's Hardware
Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers — perp gave attackers a precise picture of exactly how much each target could afford to pay

Former ransomware negotiator Angelo Martino has pleaded guilty to collaborating with the ALPHV/BlackCat ransomware gang to extort five U.S. companies, providing confidential details about the victims' insurance policies and negotiation perceptions. Martino's actions led to over $75 million in ransom payments, with individual payments exceeding $25 million. He also participated in deploying BlackCat ransomware against additional U.S. victims, demanding over $16 million in ransom. Law enforcement has seized more than $10 million from Martino, including cryptocurrency and various assets purchased with illicit proceeds. Martino, along with his co-conspirators, faces a maximum of 20 years in prison, with sentencing scheduled for July 9th.

Tom's Hardware
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

Grinex, a US-sanctioned cryptocurrency exchange in Kyrgyzstan, announced a $15 million heist allegedly orchestrated by hackers linked to "unfriendly states." TRM researchers confirmed the theft, noting more drained addresses than initially reported by Grinex. The attack targeted Russian users, with Grinex attributing it to a coordinated effort to harm Russia's financial sovereignty. TokenSpot, another Kyrgyzstan-based exchange, was also breached, with both exchanges becoming inoperable on Wednesday. The US Treasury Department had previously sanctioned Grinex's predecessor, Garantex, for facilitating ransomware actors and cybercriminals.

Ars Technica
