A Necessary Evil?
It would be one thing if these companies were charged with preventing ransomware attacks and then surreptitiously encouraging them so they could charge for data recovery, but negotiating with ransomers after the fact, handling the payoff, and running the decryption tool is what they're charging for. If the data is strongly encoded, the fastest and easiest way to decrypt it is obtaining the key. Yes, you could wait around for someone to try to find a weakness in the implementation to exploit, but "negotiating with criminals v. not making it lucrative for them" is an argument far removed from the boardroom, and in the meantime your company is losing money (and try finding a white hat to write a decryption tool for you for $3050). It might cost a pretty penny, but dollars to doughnuts your finance department will prefer this to purchasing bitcoin to send to a mathematically unidentifiable recipient. This way, they get a neat line item to put on the budget and the data comes back, hopefully to be protected better next time.
As Patrick O'Brian writes: "You might think it is a far cry from...a long-established, eminently respectable firm...to a band of criminals; but the eminently respectable know the less respectable and so down to the very dregs."