I have added a captcha (hcaptcha) and I actively check/prevent sign ups from VPNs, VPSes, Tor and banned IP addresses. I also actively check and prevent signups from free email domains (gmail, hotmail, disposable email domains, etc).
I continue to get abusive signups. Is this typical? What else can you do?
Force them to enter a valid credit card and auth $1
At the moment your solution is broken, it's not stopping anyone and providing friction to your genuine users.
These people obviously want to use your service, so revise your pricing/tiers. Don't be so greedy. Find out their pain points, ask them, speak to them directly find out why they're not paying.
Maybe they want to pay you but your payment integration is broken or not supported in their country.