Did you think ransomware was done evolving? Ha. That’s cute.
International Anti-Ransomware Day rolls around every May 12th. A day for… what, exactly? To remind us that while we celebrate, the bad guys are just busy innovating. Kaspersky’s latest report drops some unwelcome news for 2026. Ransomware isn’t just sticking around; it’s getting smarter. And frankly, more annoying.
New families are popping up. They’re not just using standard encryption; they’re messing with post-quantum cryptography ciphers. Yes, you read that right. The future is now, and it’s terrifyingly resistant to decryption. And if that wasn’t enough, ransom payments are actually dropping. So, what do the criminals do? They pivot. Some groups are now implementing encryptionless extortion attacks. No files locked, just your precious data held hostage for public shaming. Lovely.
And the old guard? Initial access brokers are still raking it in. Their preferred method? Getting their grubby digital hands on RDWeb access, their remote access route of choice. Easy in, big payout. Simple.
Ransomware Attacks Decline? Don’t Celebrate Yet.
Kaspersky Security Network tells us the share of organizations hit by ransomware dropped in 2025. Across all regions. Sounds good, right? Wrong.
This isn’t a sign of victory; it’s a sign of refinement. Operators are getting more efficient. They’re scaling up. And for sectors like manufacturing, the damage is already astronomical. We’re talking over $18 billion in losses in just the first three quarters of last year. That’s not a ‘decline’; that’s a sustained, expensive siege.
The Rise of EDR Killers: Your Security is the Target
Remember when ransomware just encrypted stuff? Quaint. Now, attackers are coming for your defenses first. EDR killers are standard issue. This isn’t a smash-and-grab; it’s a methodical dismantling of your security posture. They’re terminating processes. Disabling monitoring. They’re even using signed drivers – a technique called Bring Your Own Vulnerable Driver (BYOVD) – to sneak past your defenses and mask their malicious activity as legitimate system functions.
Evasion isn’t an afterthought; it’s baked into the attack plan. Detecting ransomware is one thing. Maintaining control when your security tools are actively being dismantled is an entirely different nightmare.
Quantum-Proof Ransomware is Here. Yay.
We called it. Quantum-resistant ransomware was predicted, and Kaspersky’s seen it in the wild. This isn’t just about being tough to decrypt with current machines; it’s about being tough to decrypt with future quantum computers. This makes data recovery without paying a ransom practically impossible. The PE32 ransomware family is a prime example. It’s using the ML-KEM standard – the same one NIST is pushing for post-quantum defense – to protect its AES keys. Specifically, the Kyber1024 algorithm.
This is a massive shift. It’s not just one rogue group. The wider industry is moving this way. TLS 1.3 and QUIC are already integrating hybrid key exchange that pairs classical algorithms with post-quantum ones. Your data could soon be locked down by something theoretically impossible to break.
The encryption techniques used by this quantum-proof ransomware could be used to resist decryption attempts from both classical and quantum computers, making it nearly impossible for victims to decrypt their data without having to pay a ransom.
Encryptionless Extortion: The Data Leak Gig
So, ransom payments are down. By 2025, only 28% of ransoms were paid. The criminals adapted. They figured out that outright theft and the threat of public exposure are often just as effective. Why bother encrypting when you can just exfiltrate data and then threaten to leak it? ShinyHunters is doing this. They have a data leak site. It’s simple. It’s effective. And it sidesteps the need for reliable encryption routines, reducing detection chances.
This isn’t just a double-whammy tactic anymore. Increasingly, it’s the only tactic. For victims, backups are useless here. They won’t save you from regulatory fines or reputational ruin. Ransomware isn’t just a business continuity problem anymore. It’s a full-blown data security and compliance crisis.
The Human Element Remains the Weakest Link
Despite all these advanced technical tricks – quantum-resistant crypto, sophisticated evasion tools – the core vulnerability persists. Humans. Phishing. Social engineering. The weak passwords. The misconfigured RDWeb servers. These are the doors the attackers are still kicking down. The technology might be evolving at a breakneck pace, but the oldest trick in the book still works like a charm. And that, perhaps, is the most depressing revelation of all.
What Does Post-Quantum Cryptography Mean for Me?
It means the encryption methods used today might eventually be breakable by future quantum computers. Ransomware groups adopting these new methods are preparing for that future, making their attacks far harder to reverse.
Will this new wave of ransomware make backups useless?
Backups remain critical for ransomware that encrypts data. However, for encryptionless extortion (where attackers steal data and threaten to leak it), backups offer no direct protection against data exposure and its consequences.
How can I protect myself from EDR killers?
Beyond strong traditional security, focus on advanced threat detection and response that can identify attempts to disable security agents. This includes monitoring system integrity and using application whitelisting where feasible.
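One way to spot the pattern described here and in the EDR killer section above is to correlate a fresh kernel driver install with a security agent going down on the same host. This is an added example, not code from Kaspersky's report. The agent service names and the normalized field names are assumptions; the event IDs are the Windows Service Control Manager's 7045 (service installed), 7034 (service terminated unexpectedly) and 7036 (service changed state).

```python
from datetime import datetime, timedelta

# Hypothetical agent service names; use the ones your EDR actually registers.
PROTECTED_SERVICES = {"ExampleEdrAgent", "ExampleEdrSensor"}
WINDOW = timedelta(minutes=10)

# Constructed sample records: Service Control Manager events after SIEM parsing.
SAMPLE_EVENTS = [
    {"time": "2026-05-12T09:00:05", "host": "ws-17", "event_id": 7045,
     "service": "VendorHelper", "service_type": "user mode service",
     "image_path": r"C:\Program Files\Vendor\helper.exe"},
    {"time": "2026-05-12T09:14:31", "host": "ws-17", "event_id": 7045,
     "service": "diagdrv", "service_type": "kernel mode driver",
     "image_path": r"C:\Users\Public\diagdrv.sys"},
    {"time": "2026-05-12T09:15:02", "host": "ws-17", "event_id": 7034,
     "service": "ExampleEdrAgent"},
    {"time": "2026-05-12T11:40:00", "host": "ws-22", "event_id": 7036,
     "service": "ExampleEdrAgent", "state": "stopped"},
]

def is_agent_down(ev, protected):
    """True when a protected service crashed (7034) or was stopped (7036)."""
    if ev.get("service") not in protected:
        return False
    return ev["event_id"] == 7034 or (
        ev["event_id"] == 7036 and ev.get("state") == "stopped")

def find_agent_tampering(events, protected=PROTECTED_SERVICES, window=WINDOW):
    """Alert on every agent-down event; raise severity when a kernel driver
    was installed on the same host within `window` before it."""
    recent_drivers = {}  # host -> [(install time, service name, image path)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["event_id"] == 7045 and ev.get("service_type") == "kernel mode driver":
            recent_drivers.setdefault(ev["host"], []).append(
                (when, ev["service"], ev["image_path"]))
        elif is_agent_down(ev, protected):
            drivers = [d for d in recent_drivers.get(ev["host"], [])
                       if timedelta(0) <= when - d[0] <= window]
            alerts.append({
                "host": ev["host"], "time": ev["time"], "agent": ev["service"],
                "severity": "high" if drivers else "medium",
                "drivers": [(name, path) for _, name, path in drivers]})
    return alerts

if __name__ == "__main__":
    for alert in find_agent_tampering(SAMPLE_EVENTS):
        print(alert)
```

An agent that stops with no preceding driver install still produces a medium alert, since a stopped agent deserves a look on its own. Ship these events off the host as they occur, because a disabled agent cannot report its own shutdown.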