PULSE NAME: Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained
WHITE Kyber AlienVault 2026-04-22 Modified: 2026-04-22
Kyber ransomware represents a significant threat through dual-platform deployment capabilities targeting VMware ESXi virtualization infrastructure and Windows file systems. During a March 2026 incident response engagement, two Kyber payloads were recovered from the same environment. The ESXi variant, written in C++, specifically targets VMware environments with datastore encryption, VM termination, and management interface defacement capabilities. The Windows variant, written in Rust, includes experimental Hyper-V targeting features. Both samples share campaign identifiers and Tor-based infrastructure, confirming coordinated cross-platform operations. Despite advertising post-quantum Kyber1024 encryption, the ESXi variant actually uses ChaCha8 with RSA-4096 key wrapping, while the Windows variant implements the claimed AES-256-CTR with Kyber1024 hybrid scheme. The ransomware includes anti-recovery measures, service termination, and effective encryption strategies designed to cause complete operational disr...
Indicators of Compromise (5)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 18498b1ff111ee9d9a037c280f75b720 2026-04-22
FileHash-SHA1 0e9a47782e39741a2c161bf639252d33ad3a428a 2026-04-22
FileHash-SHA256 45bff0df2c408b3f589aed984cc331b617021ecbea57171dac719b5f545f5e8d 2026-04-22
FileHash-SHA256 4ed176edb75ae2114cda8cfb3f83ac2ecdc4476fa1ef30ad8c81a54c0a223a29 2026-04-22
FileHash-SHA256 6ccacb7567b6c0bd2ca8e68ff59d5ef21e8f47fc1af70d4d88a421f1fc5280fc 2026-04-22