Isn’t it possible to identify the encryption key used for ransomware by finding a known file and seeing how it had changed?

Analyzing a known file and its encrypted version may not directly reveal the encryption key used by ransomware. Ransomware typically employs sophisticated encryption methods that are designed to protect the encryption key from being easily determined through reverse engineering or other methods. The encryption key used is usually kept securely by the ransomware operators or generated in a way that makes it difficult to extract from the encrypted data alone.