Ransomware acquire the leverage necessary for ransom extraction via encryption of irreplaceable data. Successful encryption requires secure key generation and therefore comprehension of key generation strategies deployed in ransomware is critical for developing effective response and recovery solutions. This paper presents a systematic study of key generation strategies observed in modern ransomware with the goal of facilitating swift identification of cryptographically insecure and operationally nonviable key routines in novel threats. Empirical evidence of the identified strategies is provided in the form of code snippets and disassembly of real-world ransomware. Additionally, the identified strategies are mapped to a timeline based on the actual ransomware samples where these strategies were observed. Finally, a list of 10 questions provides guidance in recognizing the critical intricacies of key generation and deployment in novel ransomware.