Re: Decrypting?
"The scum use AES-128 to encrypt the files and then a 2048-bit key to encrypt the 128 key."
So symmetric and asymmetric encryption respectively...
"As I understand it, the shorter keys are susceptible to brute force crunching these days"
Not really. Unless you have billions of years to spare... Symmetric and asymmetric key lengths are also not equivalent.
"And is it possible/likely that they use the same 2048 bit key for every case?"
If it is used to encrypt a unique AES key which is then stored locally, then yes, they could use the same public key to encrypt that on every system. The private key would remain on the decryption server with the attacker and your encrypted AES key could be decrypted remotely once the ransom had been paid.
"can the HDD be mounted as a secondary drive on something else and have the MBR re-written?"
Potentially, yes. However, it presumably encrypts something to stop that being a viable recovery. Otherwise what are the keys for?