Interesting indeed. Although for me, this is just added incentive to the hackers. https://www.bleepingcomputer.com/ne...at-work-paid-ransom-out-of-their-own-pockets/
Harsh lesson, right? Thing is, if the boss or supervisor finds out anyway, the employee loses further, like it's sneaky. I sympathize, though.
The main issue with this is the ransomware could have done more than just encrypt files. And it could still be resident or vectors established to re-encrypt again. Bottom line - a very poor decision by these individuals and one that will surely get them fired if discovered. Whereas, reporting the ransomware incident probably would result in a reprimand at most.