
> Encryption is done with the public key only.

The post said encryption is performed with a new symmetric key K, and then K is encrypted with the attacker's asymmetric public key.

Remember asymmetric encryption doesn't scale for large amounts of data - which is why systems like TLS and full-disk-encryption still use symmetric keys - the asymmetric cryptoschemes are only really used during handshaking and for the exchange of symmetric keys.



Probably obvious, but they would not want to send a private key which could be used to help other victims. If they generated a symmetric key locally and encrypted it with their provided public key, they could decrypt the symmetric key for you in exchange for payment.


So, to check if I understood.

The generated key is encrypted and the user has access to it. So, you send the encrypted key and pay the ransom to get the unencrypted private key. Is that so?


Almost, the last bit should read:

> ... get the unencrypted secret symmetric (session/encryption) key

So ransomware ships with public key PubK, generates symmetric key K, encrypts user files - plaintext message M to get encrypted files, cipher text C:

K=128 random bits, generated on target system

C=aes(K, M)

Then the key K is encrypted with the public key PubK, yielding encrypted key, Ks. Finally K is deleted from memory/overwritten.

Ks can be decrypted by private key PrivK - known only to the author of the ransomware.

Now, the victim sends Ks and payment to the author/attacker.

The attacker decrypts Ks using PrivK, and gets K, which is sent back to the victim - who can presumably supply K to the ransomware. Ransomware then uses K to decrypt C, yielding M - the unencrypted files.



