Ransomware using their own cryptographic API will exist for sure, but often the tendency is to use the Windows Crypto API already included in the operating system that ensures reliable encryption process, without errors.
In many new ransomware, the RSA public key is embedded in the code while the basis key is often generated when a function generates random bytes by calculating the corresponding MD5 HASH, which is converted into the necessary key to start the encryption.
In this way, no key is transferred between the victim and the server which already has the RSA private key, while the basis key is provided by the victim when the decryption is required (paying the ransom).
More frequently it happens that many new ransomware have elements which make them dangerous in the short-to-medium term, in particular, they have the tendency to be less identifiable as possible: no direct interaction with the server for the keys exchanging, the dynamic change of the extensions of the encrypted files and as I said, the use of functions already present in the operating system.