The ANSSI (National IT Security Agency in France) advise companies not to pay, first of all to discourage these kind of attacks, but also because nothing guaranty that you will get your data back and untouched (hackers might have infected them with a spyware).
If there is more and more propagation methods everyday (“Locky” have more than 100 variant), the open door is often the opening of an infected attachment in an email or the execution of an unknown software. But some companies have been infected in the past just because of outdated servers or web browsers.
