No, they typically sold stolen information on private/underground/invite forums or IRC.
Instead of crypto-randomware, it would be an all out worm or booter that would crush a service who would have to acquiesce to demands. Luckily, there weren't too many good services in existence, Cloudflare didnt exist, c10k was a mind blower, webdev was AJAX, XMLRPC, and CGI. The term TLS hadn't been coined, it was still called SSL, and nobody used it.
Instead of a money orders, they would trade trade calling cards, NEXON codes, gift cards, other stolen data like "fulls" or exploits or accounts for compromised infrastructure.
People would operate DDoS botnets for cash, spam you with V1@GRA ads from cracked boxes or hijacked relays, and the evergreen scam of fake RMAs. Let me know if "LOAD A PALLET OF CATALYST CHASSIS ONTO A BOAT OR ELSE ILL RELEASE YOUR SERIAL NUMBER DATABASE AND ALGORITHM ON MYSPACE" sounds scary or not.
The real difference is now we're 28 years into "Eternal September"[0], the whole planet is participating more or less. Cryptocurrency is possibly an enabler, but if it weren't that it would be Apple or Google Play codes. Just straight up exfil and sell.
In conclusion, these attacks didn't happen before Apple store or Google Play.
I don't think Apple or Google credits would be effective for large-scale ransomware. Not anonymous, could be stopped by a slightly-motivated central authority. It works for preying on individuals, however, because they don't have enough clout to force the issue.
No, of course not. However, they could easily be used to exchange for access to data exfiltrated in the post exploitation phase. Or just money orders held in escrow a'la 1990's Ebay.
The workflow is:
Target->Crack->Retrieve->Store->Sell on hackforums
Maybe there is a way to automate this old school method, but nobody developed it because why bother.
How practical is it to transfer a million USD in gift cards to a criminal in another country on the other side of the globe? What kind of logistics would be involved?
Another way to look at it is that cryptocurrency has been around for what, ten years? And it seems in the past six months or so there’s been more ransomware attacks, certainly more high-profile ones, than there has been in the previous 9.5 years. So clearly there’s more to it than just the existence of cryptocurrency.
