Adjust the law a bit
Just take this, and expand:
https://www.faegredrinker.com/en/insights/publications/2020/10/ransomware-payments-may-violate-sanctions-laws-us-treasury-department-warns
The Homebrew package manager for macOS and Linux has fixed an issue that could have been exploited by miscreants to run malicious code on people's computers. Specifically, the project's GitHub Actions setup could have been abused to sneak arbitrary Ruby code into its Cask repositories, security researcher RyotaK discovered …
That wouldn't significantly decrease the ransomware infection rate.
The economics are all wrong. Creating ransomware is inexpensive and has non-tangible returns such as intellectual curiosity and bragging rights. Deploying ransomware is nearly free; it's largely done by botnets and other automated systems. The success rate for ransomware attacks can be very, very low and still produce a positive return on investment.
Some victims will bypass any legal constraints in order to pay. Legal liability is a future risk; lack of access to data is a present risk. People overestimate present risks and underestimate future risks – that's why we continue to see stupid crimes with poor rate-of-return (such as bank robbery) being committed.
Consequently, attempts to cut off payment will not have much effect on ransomware attacks. They'll be no more effective than the War on Drugs (or, worse, the idiotic "War on Terror").