(no title)

Arguably the bigger problem is you don't know that the ransomer will actually give you a valid key, but suppose you guess a likelihood P that they do.

Now you have some scenarios:

1. Don't pay. We're out $C.

2. Do pay, and get a valid key. We're out $R.

3. Do pay, and get no key. We're out $R + $C.

So the limit is at scenario 1 being equal to the combination of 2 and 3.

Set C = PR + (1-P)(R + C), and your max ransom R = CP

(You could probably work in additional costs for cleaning up even if the ransom is paid.)