Because the ledger is pseudonymous. Meaning that if they can connect your real identity with your wallet address at any point, then your entire transaction history is revealed.
In your ransomware example, it means that if you ever used that wallet for anything in the past or future that can be connected to you then they now have a pretty good proof that you committed a serious crime. And everyone who transacts with that wallet now can be questioned if their identity is connected with their wallet
It would be like if you took someone hostage and asked for marked bills with the serial numbers recorded. And also providing the cops with a list of all the other times you might have committed a kidnapping.
Most criminal enterprises deal with cash because because it acts nothing like bitcoin. No transaction history, no nothing
Criminal organizations must be seeking same optimal risk/fee balance as any other. Cons of cash is, it is hard to move around. Some may use cash only, some a proportion of both, what makes you so sure? You can imagine two bitcoin wallets cash/date-gapped in some low-control country for a meaningful fee and now you have at least a grey wallet instead of black one. Do you think that FBI agents sit at every crypto exchange and watch who does what? Or is there something that prevents from incrementally laundering the money this way?