According to an article by Jenni Bergal in Insurance Journal, (https://www.insurancejournal.com/news/national/2021/07/27/624483.htm) Pennsylvania is one of three states - New York and North Carolina are the others - considering a ban on state and local government agencies paying ransom in cyber attacks. These bills have drawn support and opposition.
On one hand, ransomware payments contribute to criminal activity. They are discouraged by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). Supporters of state laws see them as a deterrent; if criminals don't get paid the attacks will stop.
However, some experts feel a ban will do more harm than good. Hackers will steal data and sell it on the dark web if ransom is not paid. A state by state ban may mean little in a broad based attack, or criminals may target states without a ban. Beyond the cost of ransomware, attacks can damage local agency computer systems beyond repair.
In the long run, the best way to combat ransomware is through federal and state efforts to help companies and local governments protect themselves, and provide funds to cash strapped agencies to strengthen their security systems.