Attackers tend to target major organisations like banks, software companies, vendors & financial firms. On May 7th Colonial Pipeline got attacked. A ransomware attack had been executed, completely shutting down their supply of fuel & gas. The company suffered major losses. This is one of the purposes of attacks like these, to de-stabilize an organisation to cause either confusion & chaos or financial gain.
Most businesses and/or organisations pay the money straight away, but in some cases, it’s better to just regard the compromised system as ‘lost’ and restore it to its previous version.