Ransomware generally uses asymmetric-key cryptography, which involves two keys: the public key and the private key. When you get hit by ransomware, the malicious program running on your computer connects to the bad guys' server (the command-and-control, or C&C), which generates both keys. It only sends the public key to the malware on your computer, since that's all it needs to encrypt the files. Unfortunately, the files can only be decrypted with the private key, which never even comes into your computer's memory if the ransomware is well-written. The bad guys usually state that they will only give you the private key (thereby letting you decrypt your files) if you pay up, but of course you have to trust them to do so.