Ransomware is just the new kidnap gang, but no need to actually be present, nor keep someone locked up in order to extort money.
So yes, best advice is : Don't pay them, because it just encourages them.
Downside is : If you don't have secure backups of your data, it could seriously harm or collapse your business - which is why they pay, and then pay again and again, and other businesses suffer as a result as the gangs see profit and go after more marks.
Perhaps finding out how much such ransom would be and paying that into IT for enhanced security, backups etc. would be a lot more beneficial - after all, every minute your data is encrypted and unusable is costing you money...
But preaching to the converted: We all know this. Shame so many managers/directors/investors don't.