(If not, why not?)
(Imho, it would make sense if only the state can pay ransoms)
Why not? Legislators haven’t caught up yet, and banning ransom payments would likely cause some very uncomfortable situations.
This of course raises some pretty uncomfortable questions, should ransom payments in kidnapping cases be banned too? That would presumably cost actual human lives.
A more pressing issue is that banning ransom payments might dissuade ransomware, but wouldn’t affect the main problem of financially motivated hacking. The costs of these attacks are so low that a ransomware payments ban would probably not have stopped checkout.com from being hacked and having their customer data stolen, the criminals will still do crime even if they have to do slightly different crime that pays less.
The group responsible in this case was just selling data stolen from their victims for a long time before they pivoted to much more profitable ransom operations.