Cyber-bastard jailed for stealing psychotherapy files, blackmailing patients

Vastaamo villain more than doubled reported crime in Nordic nation


A cyber-thief who snatched tens of thousands of patients' sensitive records from a psychotherapy clinic before blackmailing them and then leaking their files online has been caged for six years and three months.

The district court of Länsi-Uusimaa, Finland, sentenced Aleksanteri Kivimäki, 26, on Tuesday for crimes against the Vastaamo center and those in its care, which included more than 20,000 extortion attempts. 

Specifically, a judge last month found Kivimäki guilty of 9,231 counts of aggravated dissemination of information infringing on individuals' private lives, 20,745 counts of aggravated attempted blackmail, and 20 counts of aggravated blackmail. The former CEO of Vastaamo has already received a three-month suspended sentence for failing to protect his clients' data.

Kivimäki's extortion spree seemingly triggered so many complaints to the police that Finland's reported crime figures skyrocketed in a week, to more than double the usual rate.

During Kivimäki's trial, the judge separated the compensation claims related to the data theft at the Helsinki-based clinic from the criminal case, and these will be scheduled for later trials. Kivimäki, according to the district court, faces more than 5,000 compensation claims to date.

The massive privacy nightmare dates back almost six years to November 2018, when Kivimäki, known online as Zeekill, broke into Psychotherapy Center Vastaamo Oy's IT system and downloaded the patient database. Shortly after, at least some of those patients' sensitive information started appearing online. 

Kivimäki demanded a €200 ($213) ransom payment from each Vastaamo patient, presumably to not leak their data in particular, and that reportedly jumped to €500 ($534) if the initial demand wasn't paid within 24 hours. In addition to dumping names and contact information, the crook also leaked patients' therapy records and session notes.

Finnish authorities issued a warrant for Kivimäki's arrest in October 2022, and the scumbag was snared in France on February 3 last year.

The court determined the crimes had been committed using a server that Kivimäki, who previously used the first name Julius, frequently used, and that he was a partial owner of the datacenter that housed this hardware. He was also found to have personally used an encryption key and IP address connected to the intrusion.

"Kivimäki's guilt was also supported by the fact that he had published messages related to the data breach and extortion on the forum Ylilauda under his pseudonym in a purposeful and fixed temporal connection with the extortion actions," the district court said.

All of this made it "implausible that Kivimäki would have been able to publish the messages in the way he did, if he had been outside the criminal organization and had only learned about it from the Supreme Court discussion or, for example, from the media." ®
