Unveiling the Secrets of Ransomware Gangs in the Dark Web

Jon DiMaggio, a former intelligence community analyst and current cybersecurity strategist, has used fake personas to communicate with ransomware gangs on the dark web, finding out who's behind them and how they work.

15 Apr 2024, 03:03 AM

This week on 60 Minutes, correspondent Bill Whitaker reported on ransomware attacks. In the last year, hackers from around the world have teamed up to attack tech companies, hotels, casinos, and hospitals in the United States, taking their data hostage by encrypting it and demanding ransom for the keys to unlock it. 

Jon DiMaggio, a former analyst who worked for the National Security Agency, now investigates ransomware as chief security strategist for the cybersecurity firm Analyst1.

"We're just getting destroyed," he told Whitaker in an interview. "The amount of money that's going out of our economy, going into the hands of criminals, is astronomical."

DiMaggio said he has spent years developing relationships with ransomware hackers on the dark web and worked his way up to the leadership of the ransomware gang LockBit. 

DiMaggio shared his method of developing fake online personas, which involves creating social media and email accounts to interact with people online and establish a "wide footprint that only a real person would have."

He then engages with individuals involved in cybercrime, gradually building relationships from lower-level hackers to the leadership of ransomware groups.

"Sometimes it can take months. Right now, I've got a relationship with a threat actor that's going on over a year and a half," he revealed.

"What I realized is there are real people just like you and I that are behind this. Many of them have stories…that backstory helps you understand that criminal and understand what drives them."

DiMaggio also mentioned that he occasionally communicates with hackers using his real identity, opting for a more "honest" approach to encourage the hacker to open up.

LockBit, one of the world's most infamous ransomware gangs, has carried out attacks on over 2,000 victims and extorted more than $120 million from targets worldwide since its inception.

Last fall, LockBit wreaked havoc with a ransomware attack on the Industrial and Commercial Bank of China, disrupting the settlement of over $9 billion worth of assets. In another brazen move, they targeted the American aerospace giant Boeing, pilfering its data and subsequently making it public on LockBit's leak site.

Described by DiMaggio as a "ransomware-as-a-service" gang, LockBit provides a range of services to affiliate hacking groups. These services include the malware used in attacks, assistance with ransom negotiations, infrastructure, and methods for storing and leaking data. When a victim pays a ransom, the funds are divided between the affiliate gang and LockBit.

In February, the Department of Justice, in collaboration with the United Kingdom and other global law enforcement agencies, took control of LockBit's servers and various websites.

Additionally, the DOJ unveiled an indictment against two Russian individuals, Artur Sungatov and Ivan Kondratyev, for deploying LockBit ransomware against numerous victims in the United States and worldwide.

DiMaggio disclosed that he had a close relationship with Kondratyev, also known as Bassterlord, and was familiar with his background.

According to DiMaggio, Kondratyev grew up in a Ukrainian region that was annexed by Russia in 2014. During this tumultuous period, his mother fell ill, and he found himself in need of a means to support his family and cover their expenses.

"He resorted to the resources available to him, which ultimately led him down the path of cybercrime. His primary motivation was to provide for his family," DiMaggio elaborated.

During his investigation, DiMaggio mentioned that he managed to establish communication with the head of the LockBit gang, known as "LockBitSupp," a pseudonym for "LockBit Support."

In a recent incident in January, LockBit took credit for a cyberattack on Saint Anthony Hospital, a not-for-profit community hospital located in Chicago. The hackers infiltrated the hospital's systems, copied sensitive patient and administrative data, and threatened to expose it unless a ransom was paid.

DiMaggio revealed that the LockBit affiliates encrypted the entire network of the hospital, impacting its ability to provide essential medical services to patients. He expressed concerns about the potential harm this could cause to individuals in need of urgent medical attention.

In an attempt to assist the hospital, DiMaggio reached out to "LockBitSupp" and urged them to provide the decryption key to restore the hospital's systems. Despite his efforts, DiMaggio expressed disappointment as his persuasion was unsuccessful in convincing the hacker to cooperate.

DiMaggio told 60 Minutes that the seizure of LockBit's servers and the takedown of its websites was an important step in the right direction. However, he also highlighted areas where the U.S. can improve in combating ransomware. "If we were to utilize the authorities that the NSA has, where you don't need a judge to approve it and can take actions beyond law enforcement's capabilities in these operations, we would be much more effective," he stated. "We're facing a situation where we are understaffed, underpowered, and under-resourced compared to the challenges we are encountering."

Produced by Will Croxton. Broadcast associate: Georgia Rosenberg. Edited by Sarah Shafer Prediger.