I don't think the Enigma machine example applies here.
The nazi communications were decrypted by a highly centralized and secrative group, making it very difficult for the Nazis to figure out how they were doing it.
But in this case any vulnerability in the ransomware will have to be exploited by many of the affected people to decrypt their files, which means wide distribution, which means that a leak to the ransomware developers will happen sooner than later. If there is no wide distribution of the vulnerability, the ransomware developers win anyway.
> I don't think the Enigma machine example applies here.
It absolutely does. Your claim is "security through obscurity applies when attacking a cryptosystem, so after you figure out how to break it, you should publish the details". By your logic, the Allies absolutely should have published the details of how they broke the Enigma.
> But in this case any vulnerability in the ransomware will have to be exploited by many of the affected people to decrypt their files, which means wide distribution
Yet again, you show your overwhelming ignorance of the field and basic logic. No, the decryption/exploit does not have to be widely distributed. It's extremely easy to realize that the good guys can just keep it tightly-held and provide a service where files are sent to them for decryption.
You should avoid spreading incorrect and harmful anti-information like this.
The nazi communications were decrypted by a highly centralized and secrative group, making it very difficult for the Nazis to figure out how they were doing it.
But in this case any vulnerability in the ransomware will have to be exploited by many of the affected people to decrypt their files, which means wide distribution, which means that a leak to the ransomware developers will happen sooner than later. If there is no wide distribution of the vulnerability, the ransomware developers win anyway.