You would need a way to legislate this globally. Outlawing it here in the US only intensifies the prisoner dilemma aspect of this - the criminal enterprises keep winning the remaining 85% of world GDP, while all US companies suffer the most from the ransomware.

You'd likely still see US companies pay the ransom anyway, but just try to keep it secret. Probably less risky than losing their crucial data and systems.