Trust
My problem with this way of doing business (by RMDR) is about trust. They would, if the scenario had been played out to the last, have taken receipt of "decriptor" software from an unknown source, logged in with admin privileges to their client's systems, and run that dodgy software. Yeah, they might have run some AV tests on it first, but you still wouldn't know whether it would (a) work within or (b) degrade, damage or destroy, the target system. I'd want to know some details of RMDR's liability insurance before I shelled out the ransom+tip, and gave them the admin credentials.
Also, why not just be transparent with the customer? 'Conor Lairg' could easily have told his customer that there was no white-hat decryption available and they recommended ransom, with an agent fee and insurance cost. In looking up Emsisoft, I found their about page, which says "Emsisoft is convinced that treating our customers in an honest and respectful manner is the foundation of sustainable business." Yup.