Security News

Cybersecurity news aggregator

HIGH Attacks SC Media

Kyber ransomware targets Windows and ESXi with post-quantum encryption claims

A new Kyber ransomware operation is targeting both Windows and VMware ESXi environments, deploying two distinct variants linked to a single affiliate campaign. The ESXi variant encrypts datastores and terminates VMs, while the Windows variant, written in Rust, employs Kyber1024 post-quantum encryption to protect AES keys and aggressively deletes backups and shadow copies. Both variants share the same ransom infrastructure, indicating a coordinated effort to maximize disruption across hybrid environments.

By SC Staff, April 23, 2026

Bleeping Computer disclosed that a new Kyber ransomware operation is actively targeting both Windows systems and VMware ESXi endpoints, with one variant notably implementing Kyber1024 post-quantum encryption.

Cybersecurity firm Rapid7 analyzed two distinct Kyber variants deployed on the same network in March 2026. One variant targets VMware ESXi, featuring datastore encryption and VM termination, while the Windows variant, written in Rust, includes an experimental feature for Hyper-V. Both share the same campaign ID and Tor-based ransom infrastructure, suggesting a single affiliate aiming for maximum impact.

The ESXi variant falsely claims post-quantum encryption while actually using ChaCha8 and RSA-4096, whereas the Windows variant does use Kyber1024 and X25519 to protect the symmetric keys used for AES-CTR bulk encryption. The Windows variant also terminates services, deletes backups, and attempts to eliminate recovery paths by clearing shadow copies and event logs.

Source: Bleeping Computer