[tsujamin]

Out of curiosity what's the source on that? AFAICS there's no clear legislation restricting it (although a lot of talk about such a bill in the future). It is in standard contract terms?

[hiharryhere]

Source is a close relative involved in responding to a recent, well publicised data breach.

They service several large commonwealth departments and were instructed by them not to pay.

[hug]

They instruct you not to pay, but that instruction has absolutely no binding.

The Australian orgs I have deal with in large compromises have universally opted to pay to prevent release, where it was financially feasible.