If I had to make an educated guess...
I'd say that the ransom message was sent to some clueless management bod, who decided to pay discreetly without discussing the issue with their IT department. Either that or the IT department was crap*.
"A fool and his money..."
* either because of underfunding/ understaffing (from my experience, the most common cause) or the IT dept. consisting in a bunch of noobs.