Ransomware is different to DDOS though. In the one they potentially have something of real value to 'trade', that being the encryption key. In the other they are forcing you offline, but there are steps you can take to mitigate, prevent, circumvent.... etc etc.
We have had 1 bad ransomware attack, a user ran an infected payload on their laptop, which was connected to their home and team areas, everything was encrypted. Thankfully we have a decent backup system, so we simply restored everything from shortly before the incident (after blocking their laptop from the network till it could be cleaned). We have also been hit by a number of sophisticated DDOS attacks, once we analysed their attack vector we started putting steps into place to reduce it's impact and subsequently negate it entirely.
If we hadn't had any backups of those filestores though, I can quite imagine the CTO agreeing to pay the ransom on the chance we would get the data restored.