
How does ransomware store their decryption keys? [duplicate]

Çağlar Arlı

I've recently got into cyber security and really got into malware, more specifically, ransomware.

While studying some of the strongest ransomware ever (for example WannaCrypt, CryptoLocker, etc.), I've started wondering how they can securely store their decryption keys without being compromised in any way.

For example, let's say I have an AES-256 key which I use for encrypting all the files. That key is then encrypted using RSA, and the victim has to pay to get the private key, which will then be used for decrypting the decryption key.

Now, how is the private RSA key securely stored? I'm new (I'm a normal software developer) so my first idea was "they probably store it in a MySQL database or something" but I don't think that's possible.

The main problem I think about is someone reverse engineering the program and getting the hard-coded credentials out of it, and then getting all the keys back. Other than that, I don't know, but I guess there's some kind of man-in-the-middle attack where one could get between the database connection and the ransomware (I have no idea), or the police could, somehow, get your IP from the database and your email, etc.

From my perspective, it actually looks kind of promising to think about, as I'm not an expert, but I'm also pretty sure it's not. What methods do famous ransomware (or normal ransomware) use?

PS: I also thought about the database solution, as they could automatically check the blockchain transaction, then get the encrypted PC ID (which would be stored along with the key) and automatically give the decryption key back.