Paying a ransom is already illegal sometimes
Under the Proceeds of Crime Act 2002, and the Terrorism Act 2000.
And frankly, if my mum was in an ICU that got "shut down" by ransomware I would still be demanding that they do NOT pay any ransom.
If only because I could not possibly trust any of the "decrypted" files.
Nuke the site from orbit and restore from a backup. It's genuinely the only way to trust the system ever again.