• caglararli@hotmail.com
  • 05386281520

Why Ransomware generate keypair in victim?

Çağlar Arlı      -    16 Views

Why Ransomware generate keypair in victim?

I read this answer Ransomware encryption keys and understood how wannacry works. But I still have a question: as I understand, the hacker will put the hacker's RSA public key in the malware, the victim machine will randomly generate an AES key, after encryption is complete, the malware will encrypt the AES key with the hacker's RSA public key and saved on the victim's computer, the victim buys the key, the hacker will ask to send the encrypted AES Key file to him and then he will decrypt and send it back https://qr.ae/pskG5A.

But when reading analysis articles about wannacry, I see that both the hacker and the victim must each generate a pair of keys, the victim's private key will encrypt the AES key and then the hacker's public key will encrypt the victim's private key. Why waste time generating an additional key pair on the client? What is the effect of creating a new RSA keypair on the machine being infected?