"via a consultant or security professional who is able to verify that the decryption keys will work and the malware infection can be thoroughly purged after"
Please someone explain to me, how can any security professional know this without access to to the decryption key in advance? Is this the equivalent of an independent hostage negotiator trusted by both the police and the mafia? Such people do exist, apparently.