When I first read it I was sure they are going to pay if the amount is cleverly chosen. That's what the hackers did. What I am asking myself is though why don't the hackers ask for an anonymous cryptocurrency? They now have all the hassle to get the BTC through mixers and exchanges. Or they do have agreed upon p2p deals at discounts. That could be a possibility, maybe even the most likely possibility of all of them.
Probably the largest transaction volume and the easiest to get. Anonymity doesn't matter because it'll be quite easy to mix them around and be untraceable.
But there was another, much cheaper option. That was to purchase a good anti-virus software such as Kaspersky for their computers and servers. It would have cost around $5 per machine, per year. And according to my calculations, that option was much cheaper when compared to paying millions in ransom. I can't really believe that these pipelines are being run by incompetent people, who allowed the computers to be infected with ransomware.
An antivirus can only do so much to protect their user. If you're a company that is of interest to any attackers, an antivirus would provide VERY little resistance to them. Your antivirus can only detect using their heuristic and suspicious behavior but it wouldn't matter if the attacker is able to use certain zero-day exploits or something similar to evade detection. Your best bet is to reduce your attack surface, airgapping for example but Stuxnet has proven that less than effective.