Payments that can be reversed are nearly never used by ransomware. The first versions made use of PayPal (it could be reversed so it was very low volumes). Then came moneypak/ukash, which was traded on the illicit market for "real" money (these prepaid cards are valuable in jails, etc). These days, cryptocurrencies predominate. When referring to malicious antivirus software, they took credit card charges. They used dubious payment processors—the guys knew they processed money for criminals—that collaborated with banks and respectable companies in order to reduce their chargeback rate. In most cases, the payment processor—rather than the bank—acted as a go-between for virus distributors and funds. Even still, banks could have known in some situations. Additionally, stolen financial information may be used to withdraw illegal funds. For instance, money may be sent from a known-bad address to a stolen account and then withdrawn using credit cards that have been stolen.