Okay I'll actually chime in since this is falls in my territory.
AtomSilo and LockFile both had bad designs and they didn't encrypt the files with a truly random key. Ultimately the key was in the malware itself and through some relatively simple analysis they figured it out and now able to save those files without paying the ransom.
There are lots and lots of ransomware out there that's not written by an author that didn't care or understand much about security.
If that ransomware just used a random key and then exfiltrated that key into a remote server, in that case, this kind of thing wouldn't work.
And you'd think any malware developer worth any respect would have done it the way I described. And not the way AtomSilo / LockFile does.
VeraCrypt is often used by ransom ware
https://blog.elcomsoft.com/2020/03/breaking-veracrypt-containers/
Okay I'll actually chime in since this is falls in my territory.
AtomSilo and LockFile both had bad designs and they didn't encrypt the files with a truly random key. Ultimately the key was in the malware itself and through some relatively simple analysis they figured it out and now able to save those files without paying the ransom.
There are lots and lots of ransomware out there that's not written by an author that didn't care or understand much about security.
If that ransomware just used a random key and then exfiltrated that key into a remote server, in that case, this kind of thing wouldn't work.
And you'd think any malware developer worth any respect would have done it the way I described. And not the way AtomSilo / LockFile does.