Morning! For many of you, this may be your first “case of the Mondays” in 2023, so avoid overexertion, stay hydrated, and delegate as much work as you can to ChatGPT.
In today’s edition:
Apocalypse whoa
Speed erasers
—Tom McKay, Billy Hurley, Patrick Lucas Austin
Academics, security pros, and policymakers recently swarmed Washington, DC, for the first-ever Quantum World Congress, a mass gathering of quantum computing experts. Among the biggest topics of discussion, according to Axios, was the “quantum encryption apocalypse.”
That is the concept that some of the most widespread encryption algorithms in use today are vulnerable to codebreaking by next-generation computers operating on principles of quantum mechanics. The biggest unknown might not be when this threat arrives, but what cybersecurity pros can do to prepare for it.
What’s quantum uncertainty about? Traditional computers use bits, a logical state with two possible values: 1 or 0. Quantum computers rely on qubits, which can be both 1 and 0 simultaneously. In theory, qubits can generate solutions in hours or days to problems, like cracking RSA encryption, that would take classical computers exponential amounts of time (say, trillions of years).
Existing quantum computer prototypes aren’t accurate enough to be of use in solving practical problems. Yet that could rapidly change if or when certain engineering problems like noise mitigation are solved.
One concern is not only that techniques like RSA will become useless against quantum-equipped adversaries, but that nation states may already be archiving data to crack years from now.
“In terms of script kiddies and small hacker groups, they don’t really have access to this stuff,” David Mahdi, chief strategy officer and CISO advisor at Sectigo, told IT Brew. “At least today, nation states are probably the thing to worry about at the moment, because I would predict that they’re going to be the first to have these capabilities.”
Read more here.—TM
What’s worse than ransomware? Malware disguised as ransomware that will just delete your data anyway, that’s what.
Take “CryWiper,” a Trojan reported by the cybersecurity provider Kaspersky in December. CryWiper destroys files while storing ransom demands in a README.txt file.
The catch (and presumably, the “cry” part) is that there’s nothing to decrypt.
“Our experts are confident that the main goal of the attackers is not financial gain, but destroying data. The files are not really encrypted; instead, the Trojan overwrites them with pseudo-randomly generated data,” said Kaspersky in a Dec. 2 post.
The motivation behind data-wiping differs from ransomware—the big difference being money—but the defense recommendations are about the same: have backups, change passwords, and educate end-users, to name a few.
Keep reading here.—BH
Today’s top IT reads.
Stat: $302,278. That’s how much a Washington State software engineer reportedly stole in a scheme inspired by the movie Office Space. (the Washington Post)
Quote: “At the end of the day, the cybersecurity industry is created because technology companies fundamentally have created products that are insecure by design, and we need to fundamentally change that.”—CISA Director Jen Easterly on the threat outlook in 2023 (CNBC)
Read: Okay, we’ll bite, what’s generative AI? (Vox)