'organisations should pay'?
If I were running a ransomware operation I'd want to take a look at whatever was so important that a victim agreed to pay for it. If it's that important to the victim then it's probably worth a higher ransom.
Why would you trust the bad guys to provide the decryption key once you've paid? They're bad guys.
As for 'losing 3 months worth of sales data'... it's a valuable lesson which the brewery could probably have learned at a lower cost.
I very much approve of small breweries in general though - I'll make a point of sampling their product soon.