Years ago, "protection rackets" used to be a much bigger problem, often leveraged by the mob. Vinnie would stop into your shop and "make you an offer you couldn't refuse". Pay them monthly "protection money" or goons would come by and smash up your business.
There's a very clear parallel between that and "ransomware" of today. Instead of smashing up your shop, they smash up your computer system. But they do it in a way that they can fix, IF you pay. So the threat comes AFTER the damage instead of before. But otherwise it's the same thing, it's just a reverse-"godfather offer"
It's also got lots of additional benefits for the attackers - it's hard to trace, and easy to do remotely, even from another country. It's very convenient and low-risk for them. So the law needs to approach this from the receiving end, not the sending end, to choke it off. A bit like bribery, it's illegal to OFFER a bribe, but it's equally illegal to ACCEPT a bribe.
It pisses me off every time I see a big outfit pay off ransomware gangs. "one big job" pays their bills and hackers for another six months, AND fund them to upgrade all their hardware and support systems, so they become a MUCH bigger threat for the rest of us. You are funding a criminal organization that is harming the public.
"But my business was crippled, we had no choice, we were going to go bankrupt!" What happens when your busines burns to the ground because you didn't install sprinklers? You go bankrupt. That's what I expect you to do. You made your bed and now you get to lay in it.
So lets flip the script. Vinnie walks up to you as you watch the flames and says hey bud, if you loan me $20k I'll organize a bank heist and rob that little bank over there and your cut will be big enough to rebuild your business. Deal? So you consider funding a criminal gang to help you recover from the consequences of your own bad choices, in a way that will end up harming others. Is that legal? Of course not. It's also incredibly selfish of you, and you're transferring your (well-deserved) problem to some other random innocent people. You'll be indirectly-responsible for the damage they do, but you'll just turn a blind eye to that since you get your business back. You had no choice, right? You HAD to pay them off, right? Just keep telling yourself that.
Paying off ransomware groups absolutely should be illegal.