The way this ransomware works still requires a centralized command and control server; without one, it would be possible to trigger the "unlock" codepath in the client without paying the authors.
The authors run a key-storage service which notifies the client (and provides a private key) once payment is received.
In this case the authors are still at a substantial advantage, though - as long as enough unlocks work that "just pay up" is the advice given online, they don't have to care if their C+C server is down half the time or the feds take it down, because the money rolls in even when the decryption isn't working.