Banning insurance in a market that naturally denies it just opens people up to be more arbitrarily singled out by the fickleness of fate. Making payments illegal and requiring people who are vulnerable to ransomware (i.e. everyone) to pay to be audited for good security practices on a regular basis is a more reasonable approach to eliminate the threat - do that for thirty years or so and the best practices for combating ransomware will become common knowledge and standard practice.