Ok they were dumb not having backups, but what i can't understand is, they have been locked out for over a month. During such time, why didn't they simply clear the drives and reinstall the software, and call it a day? There systems were down anyway, so better to now clean house. Maybe the total cost would be less than $600,000. Maybe it would be more than $600,000. Who cares. This is a blessing in disguise. They'd become more serious about their system management. The worst thing one can do is give in to the ransom demands.
So the take away from this payout:
1. They didn't learn from their mistakes and potentially still vulnerable to the same and even a myriad of other simple (and more complex) attacks.
2. They pay out when the going gets moderately tough after only weeks.
3. It encourages not only the original thieves to attack again but now the whole world knows you're an easy target.