IDK. From a certain point of view, you could view them as doing a service.
What if a different kind of criminal had used these exploits? Not one that wanted $300 in bitcoin, but one that actually wanted to cause harm? They could have deleted files and never given them back, and they could have stopped any software running on the machines.
They have about 150 transactions on their accounts, totally tens of thousands of dollars at max.