If the ransom is low, say $300 for a multimillion-dollar organization, then it might make sense to adopt a hybrid approach. This could include simultaneous efforts to pay the ransom, to triage the system, and to attempt to restore from a backup server.
Organizations contemplate if system downtime is more dire than the consequences of the ransom. A hybrid approach ensures that the system will be operational in some amount of time, no matter what. To minimize the expended resources and the impact to the organization, hybrid solutions should only be attempted by a trained and prepared information security team.