Rebuild and move on.
"Companies with usable backups may still be willing to pay to prevent their data being published and, even if they are not, the data may be sold to competitors or sold and traded with other criminals."
And if you give these low lives a large wedge you think they won't sell your stolen data any way? Because they are in some way honerable?
No point paying. Tighten security. rebuild your servers. Sacrifice the boardmember who didn't want to fund the extra security to the GDPR gods and move on.