Not have the suckers lost their data. Now must they be a criminals for paying the ransom?
Because they should have and easily could have set-up a proper backup system to protect their data, as well as ensured that they had defence's in place to prevent loss in the first place.
The ransom payer is at least partially responsible. The payer is not as responsible as the criminal or threat actor who demands the ransom, who could be using ransomware payments to expand his criminal activities, to improve his attack technology, to finance other crimes and threats such as terrorism, drugs, human trafficking and more. Those who have paid this ransom which have fueled the resolve of the criminals allowing the attacks continue.
Any computer user with data of value to themselves or others should ensure that their anti-virus software is current and effective, and if needed, invest in something that is such as Barkly behavior based detection. Additionally they should ensure that they have proper backups that are vaulted, versioned and verified such as BaQapp. The only mitigating factor against prosecution if caught paying illegal ransom would be that you had taken reasonable precautions to protect your data.