Easy to say
This is where we should point out that paying ransomware fees is a really bad idea. Security and law enforcement groups alike agree that keeping regular offline backups and patching your software is a far better plan than paying demands, and there is no guarantee you will even get your data back should you agree to foot the extortion fees.
Discussing what a company should have done before they got infected is all well and good, but serves no purpose to them once infected.
It i true there is no guarantee that paying up will get your business critical information back, but if it does you're only really out the cost of a bribe, and some competent staff to extricate you from the remaining tech debt. If you don't pay it you guarantee that you don't get your data back and you cease trading. A few hundred bucks, even a few thousand, in that light, would be well worth the money.
The age of respondents is curiously close to university age, so it'd be entirely forgivable that someone young has done something dumb, and now lost their dissertation which will potentially impact their whole future if they don't recover it, or perhaps just they just don't understand the situation and are worried that the videos of being ridden like Red Rum by a bunch of frat boys are at risk of being exposed rather than forever inaccessible. Who knows. If young people stop doing dumb shit then it probably just means they got older and grew up.