In ransomware, an attack essentially leverages the main idea of hybrid encryption to attack users. Without paying Bitcoins to the attacker, a user cannot recover its data.

If an attacker can only leverage symmetric-key encryption to encrypt users data in a ransomware, then what are the major steps in this attack such that this attacker can still provide a copy of a decryption key if a user pays Bitcoins. From the perspective of this attacker, compared to using hybrid encryption, what are the limitations of this attack if it only uses symmetric-key encryption?