Oh yeah I saw that, but this was also interesting:
> This is not really a mistake from the ransomware authors, as they properly use the Windows Crypto API. Indeed, for what I've tested, under Windows 10, CryptReleaseContext does cleanup the memory (and so this recovery technique won't work)
> This is not really a mistake from the ransomware authors, as they properly use the Windows Crypto API. Indeed, for what I've tested, under Windows 10, CryptReleaseContext does cleanup the memory (and so this recovery technique won't work)
(From https://news.ycombinator.com/item?id=14377328)
So it's yet another security bug in Windows that lets people recover those keys.