A cryptographic key held by ransomware operators that is required to reverse file encryption. Attackers promise to provide this key upon ransom payment — though delivery is never guaranteed.
In a ransomware attack, the decryption key is the attacker's primary leverage. Modern ransomware generates a unique encryption key for each victim (and often per file), encrypts those keys with the attacker's master key, and stores the encrypted keys alongside the locked files. Without the attacker's private master key, the per-file keys — and therefore the files themselves — cannot be recovered through any computational means. This is what makes ransomware so devastating: the encryption is mathematically sound.
Even when victims pay the ransom, receiving a working decryption key is not guaranteed. Studies show that only about 65% of paying victims recover all their data. Decryptor tools provided by ransomware groups are often poorly coded, crash during decryption, corrupt files, or run extremely slowly — sometimes taking weeks to decrypt what the ransomware encrypted in hours. Some victims have paid multiple times before receiving a functional tool.
In some cases, free decryption tools are available. Law enforcement operations that seize ransomware infrastructure may recover master keys and release decryptors. Security researchers sometimes find cryptographic flaws in ransomware implementations that allow decryption without the key. The No More Ransom project (nomoreransom.org) maintains a collection of free decryption tools for various ransomware families. Always check these resources before considering payment — and always rely on backups as your primary recovery strategy.