Re: Is it legal to pay this?
"That's no reason why we shouldn't have such a law here as every payout encourages the fraud and puts everybody else at increased threat which even if you have good defences (like avoiding the more risky OS) and solid backup it has knock on consequences.
The fact that the threat is only property and not life makes it indefensible plus the only reason they have been caught is because of BOTH inadequate defence against a well known risk and, even worse. even more inadequate backups. That's gross negligence in my book.
The organisations deserve to suffer the consequences if they don't pay up and if they do - even greater consequences. Making the directors personally culpable may be an encouragement for better and safer practices (speaking as a company director myself)."
You haven't really thought through the consequences of your statements. making paying ransoms illegal will just mean people wouldn't tell the police at all, and it's rare that criminalizing being a victim has worked.