Kyber ransom note gives victims one week to respond, claiming use of post-quantum cryptography. However, Rapid7 analysis reveals RSA with 4096-bit keys are used instead.
Anna Širokova, a senior security researcher at Rapid7, says the claimed use of ML-KEM is likely a marketing gimmick and implementation cost is low.
Ransomware generates random AES key, encrypts files with it, then encrypts that key with Kyber1024 for attacker-only decryption.
Despite hype, post-quantum cryptography's strength has little practical benefit for victims, who are more concerned about prompt payment than long-term encryption security.
Kyber developers hope the impression of overwhelming strength will sway people to pay, but experts say quantum computers capable of breaking RSA and ECC are at least three years away.