Re: Is there single key ?
There are much simpler approaches. One is to encrypt data on each victim machine with a random key, and leave copies of that random key on the victim machine, encrypted with a per-target key and a global key. Then either the per-target key or the global key can be used to decrypt the data on that particular machine.
The per-target key can be produced by a KDF that takes as input some global secret and some data derivable from the target organization, so the attackers don't have to store the keys.
That's just as secure, and far more scalable, than having some central database of encryption keys for every system.
There's a large body of literature on key splitting and key sharing.