Akira Ransomware: The Quantum Leap in Extortion – A Future Threat on the Horizon

[Date: May 25, 2025]

Global cybersecurity circles are increasingly bracing for a paradigm shift in the ransomware landscape, anticipating that sophisticated threat actors like the Akira ransomware group will, in the not-so-distant future, leverage quantum-resistant cryptography (QRC) in their extortion schemes. While Akira currently employs robust classical encryption algorithms like ChaCha20 and RSA, experts believe a strategic move towards quantum-safe methods is inevitable as the threat of quantum computing looms.

The Akira ransomware group, already a formidable and highly active player in the cybercriminal underworld, has demonstrated a consistent ability to evolve its tactics, techniques, and procedures (TTPs). Having amassed over $42 million in ransoms since its emergence in March 2023 and continually expanding its victim base across diverse sectors, Akira’s progression towards more advanced encryption is a logical, albeit concerning, next step.

“The ‘harvest now, decrypt later’ scenario is a very real concern,” states Dr. Anya Sharma, a leading expert in post-quantum cryptography. “Even if a fully functional quantum computer capable of breaking current encryption is a decade away, ransomware groups like Akira are forward-thinking. They could begin incorporating quantum-resistant algorithms into their malware to ensure their encrypted data remains unrecoverable long into the future, even if law enforcement or security researchers develop classical decryptors.”

The National Institute of Standards and Technology (NIST) has already made significant strides in standardizing quantum-resistant algorithms, with ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) being notable examples. As these standards mature and an ecosystem of products supporting them develops, it becomes increasingly feasible for malicious actors to integrate them into their operations.

How could this future unfold for Akira?

• Proactive “Quantum-Safe” Encryption: Akira could begin using a hybrid approach, combining their existing classical encryption with newly standardized quantum-resistant algorithms. This would ensure that even if a classical decryptor is developed, the data would remain protected by the PQC layer, making recovery exponentially more difficult.
• Long-Term Data Hostage: By employing QRC, Akira could hold exfiltrated data hostage for extended periods, confident that even the most powerful future supercomputers would struggle to break the encryption. This would increase the pressure on victims to pay, knowing that their sensitive information could be perpetually compromised.
• Increased Extortion Leverage: The perception of “unbreakable” encryption would provide Akira with unprecedented leverage in ransom negotiations, potentially leading to even higher demands.

While the exact timeline for Akira’s adoption of quantum-resistant encryption remains speculative, the cybersecurity community is urging organizations to prepare. National cybersecurity agencies, including the UK’s NCSC, have already laid out roadmaps for PQC migration, with deadlines as early as 2035 for full transition. This proactive approach is crucial, as the transition to quantum-safe cryptography is a complex and time-consuming undertaking.

For organizations, the message is clear: the future of encryption is quantum, and so too will be the evolving methods of ransomware. Investing in PQC readiness now, understanding cryptographic dependencies, and implementing robust security practices are no longer just best practices; they are essential safeguards against the quantum-fueled threats of tomorrow.