I was under the impression that the vast majority of people who "pay up" do receive decryption keys. If they did not, it would annihilate the income stream of the hackers. If paying does not decrypt your data, then ultimately no one will pay... That makes their 'business model' completely pointless.
What can the authorities do about encrypted files? Absolutely nothing. It's airtight mathematics right now, unless your community police center has a quantum computer.