For hacker having both an original file and the encrypted version that file should be relatively easy to retrieve the key? Especially if the virus XOR all or a part of the file. Otherwise a hacker may look at the random function that generate the key in the source code of the virus it may be weak and take values from the computer and time of infection.