Ransomware in 2026: Quantum-Proof Strains Emerge as Defense Evasion Tactics Escalate
Ransomware Attacks Decline but Still a Major Threat – New Quantum-Resistant Variants and EDR Killers Reshape Cyberattack Landscape
Ransomware remains one of the most persistent and adaptive cyberthreats in 2026, despite a slight decline in overall attacks. Kaspersky’s annual report, released ahead of International Anti-Ransomware Day on May 12, reveals that ransomware operators are evolving faster than ever, adopting post-quantum cryptography and sophisticated defense evasion tools.

According to Kaspersky Security Network, the percentage of organizations affected by ransomware decreased across all regions in 2025 compared to 2024. However, the report warns that the threat level remains high as attackers refine their tactics and scale operations with increasing efficiency.
New Families Adopt Post-Quantum Cryptography
One of the most alarming trends in 2026 is the emergence of ransomware families that use post-quantum cryptography. These strains are designed to resist decryption attempts from both classical and quantum computers, making it nearly impossible for victims to recover data without paying a ransom.
“We predicted that quantum-resistant ransomware would appear in 2025, and it has,” said a Kaspersky researcher. “The PE32 family, for example, uses the ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) standard, which is a cutting-edge quantum-resistant encryption method.”
EDR Killers and Defense Evasion Become Standard
In 2026, ransomware operators increasingly neutralize endpoint defenses before executing their payloads. Tools commonly referred to as “EDR killers” are now a standard component of attack playbooks, reflecting a trend toward more deliberate and methodical intrusions.
Attackers often abuse trusted components such as signed drivers, using the Bring Your Own Vulnerable Driver (BYOVD) technique to terminate security processes and disable monitoring agents. “Evasion is no longer opportunistic; it’s a planned, repeatable phase of the attack lifecycle,” the Kaspersky report notes. This makes it increasingly challenging for organizations to maintain control over their environments.
Ransom Payments Drop, Encryptionless Extortion Emerges
As ransom payments decline, some groups are shifting to encryptionless extortion attacks. Instead of encrypting files, attackers threaten to leak sensitive data unless a ransom is paid. This tactic reduces the technical overhead for attackers while still applying significant pressure on victims.
Initial access brokers (IABs) continue to play a crucial role in the ransomware ecosystem, with a growing focus on RDWeb as a preferred method of remote access. Kaspersky researchers observed that IABs are increasingly targeting web-based remote access solutions to gain entry into corporate networks.

Manufacturing Sector Hit Hardest
In the manufacturing sector alone, ransomware attacks may have caused over $18 billion in losses in the first three quarters of 2025, according to Kaspersky and VDC Research. This highlights the severe economic impact of ransomware, even as the number of attacks slightly decreases.
Background
Ransomware has been a persistent threat for over a decade, but 2025 and 2026 mark a significant shift. Attackers are investing in advanced technologies like post-quantum cryptography to stay ahead of decryption tools. At the same time, they are refining their ability to bypass security controls, making traditional defenses less effective.
The rise of Ransomware-as-a-Service (RaaS) has also lowered the barrier to entry, enabling less skilled criminals to launch attacks. Initial access brokers serve as the entry point for many campaigns, selling access to compromised networks on dark web forums.
What This Means
For organizations, the evolving ransomware landscape demands a multi-layered defense strategy. Security teams must prioritize maintaining visibility and control even when endpoint defenses are under attack. “The days of relying solely on detection and response are over,” said a Kaspersky analyst. “Organizations need to prepare for adversaries who will actively target their security tools.”
The emergence of post-quantum ransomware underscores the urgency of adopting quantum-resistant encryption across critical systems. While quantum computing is not yet widespread, proactive measures are essential. Additionally, the shift toward encryptionless extortion means that data exfiltration prevention and robust backup strategies are now as important as traditional anti-ransomware solutions.
Kaspersky advises companies to implement comprehensive security frameworks, including threat intelligence, regular security audits, and employee training. As ransomware continues to evolve, staying informed and agile will be key to mitigating risk.