Regardless of the taxing system, Facebook would already show you as many ads as possible. It makes no sense to me that they would show more ads in EU in that case, because that means that they could also increase the number of ads shown in the US and increase their profit. If anything, it would just cut their surplus.

I don't believe that's entirely true, Facebook has endless channels (e.g. messenger) in which they could introduce or increase their advertising frequency (think Forbes). They could even disclose to end-users that these additional advertisements were being served specifically as they are within the EU, similar to the ubiquitous cookie pop-ups they are already well adjusted to seeing.

If they bring a notable amount of ads people migrate of to snapchat, hangout, signal, telegram, whatever.

They can increase the number of ads, but it's not clear that it would actually increase their profits.

Simplest solution: payment put into escrow, ransom is released to the ransom holder after 365 days provided the source code is not leaked, the ransom is released to the victim if the source code is leaked prior. If the ransom holder released the source after the fact it would be a year out of date.