Infiltrating ransomware gangs on the dark web

This week on 60 Minutes, correspondent Bill Whitaker reported on ransomware attacks. Hackers from around the world have hijacked tech companies, hotels, casinos and hospitals in the United States by encrypting their systems and demanding ransoms to unlock them.

Jon DiMaggio, a former analyst who worked for the NSA, now investigates ransomware as the chief security strategist for cybersecurity company Analyst1.

"We're just destroyed," he told Whitaker in an interview. "The money that flows out of our economy, in the hands of criminals, is astronomical."

DiMaggio said he has spent years building relationships with ransomware hackers on the dark web and has engaged with the leadership of the ransomware gang Lockbit.

He told 60 Minutes: "I realized these guys are easy to get in touch with... I can pretend I am someone else and go out and talk to them and extract information."

DiMaggio said he developed fake online personas by creating social media and email accounts, and then posting and communicating with people online to create “a broad footprint that only real people can have.”

He then communicates with individuals on the “site,” working his way up from low-level hackers to the leaders of ransomware gangs.

"Sometimes it can take several months," he said.

"I realized there are real people like you and me. Many of them have stories...backstory can help you understand criminals and understand what drives them."

DiMaggio said he sometimes communicates with hackers as himself, taking a more "honest" approach, which can give hackers a chance to "open up."

He publishes his reports and findings online, including in a series titled "Ransomware Diary."

Lockbit is one of the most notorious ransomware gangs in the world. Since they first started operating, they have been behind ransomware attacks and have extorted more than $120 million from victims around the world.

In 2023, Lockbit was responsible for a ransomware attack on the Industrial and Commercial Bank of China, affecting assets worth more than $9 billion. They also went after American aviation giant Boeing, stealing data and then posting it on Lockbit's leak website.

Lockbit is what DiMaggio calls a "ransomware-as-a-service" gang. They provide services for attacks, such as ransom negotiation support, infrastructure to store and leak data, and malware, to the group of affiliate hackers who conduct the actual attacks. If the victim pays the ransom, the affiliate and Lockbit split the funds.

Last year, the Justice Department worked with the UK and other international law enforcement agencies to seize control of the Lockbit server and several of its websites.

The Justice Department also unsealed an indictment accusing two Russian nationals, Artur Sungatov and Ivan Kondratyev, of deploying Lockbit ransomware against numerous victims across the United States and around the world.

DiMaggio said he was close to one of the men, Kondratyev, also known as Bassterlord, and knew his backstory.

He said Kondratyev grew up in a region of Ukraine that Russia took over in 2014. His mother was sick at the time and he needed a way to support his family and pay the bills.

"So he used what was available to him, and that's what led to him becoming a cybercriminal. He needed to help his family," DiMaggio explained.

DiMaggio said he was also able to speak with the head of the Lockbit gang, one of several people using the alias "Lockbitsupp", a shorthand for "Lockbit support".

In May 2024, the Justice Department charged a Russian national, Dmitry Yuryevich Khoroshev, whom it believes was using the alias "Lockbitsupp", accusing him of being the creator, developer and administrator of Lockbit. DiMaggio believes this is the person he spoke with about the attack on a U.S. hospital.

In January 2024, Lockbit claimed responsibility for the attack on St. Anthony's Hospital, a nonprofit community hospital in Chicago. Lockbit copied the hospital’s patient and administrative data and threatened to publish it if the hospital did not pay the ransom.

DiMaggio said the Lockbit affiliate encrypted the hospital's entire network used to treat patients, and he was concerned that it could hurt people who need treatment.

He approached "Lockbitsupp" and tried to convince him to give up the decryption key so that the hospital could bring its systems back online.

"I believe I can let him do the right thing and return the decryption key... Unfortunately, I was wrong."

St. Anthony's Hospital acknowledged a "data security incident" in which files containing patient information had been copied, but said it was able to "continue to provide patient care without interruption." The hospital also said it reported the attack to the FBI, as well as regulators such as the U.S. Department of Health and Human Services.

DiMaggio told 60 Minutes that while the successful seizure of Lockbit's servers and websites and the indictments are an important step in the right direction, the United States can "do better" when addressing the scourge of ransomware.

“For example, if we use an authority owned by the National Security Agency (NSA), you don’t need a judge to sign off on it and you can do things that law enforcement can’t do in certain operations and we’ll be more effective,” he said.

"We are under-people. We are under-enhancing. We are under-resourced compared to what we are facing."

The video above was originally released on April 14, 2024. It was produced by Will Croxton and edited by Sarah Shafer Prediger. Georgia Rosenberg is a broadcast assistant.

Will Croxton