Cyber-bastard jailed for stealing psychotherapy files, blackmailing patients

Vastaamo villain more than doubled reported crime in Nordic nation


A cyber-thief who snatched tens of thousands of patients' sensitive records from a psychotherapy clinic before blackmailing them and then leaking their files online has been caged for six years and three months.

The district court of Länsi-Uusimaa, Finland, sentenced Aleksanteri Kivimäki, 26, on Tuesday for crimes against the Vastaamo center and those in its care, which included more than 20,000 extortion attempts. 

Specifically, a judge last month found Kivimäki guilty of 9,231 counts of aggravated dissemination of information infringing on individuals' private lives, 20,745 counts of aggravated attempted blackmail, and 20 counts of aggravated blackmail. The former CEO of Vastaamo has already received a three-month suspended sentence for failing to protect his clients' data.

Kivimäki's extortion spree seemingly triggered so many complaints to the police that Finland's reported crime figures skyrocketed in a week, to more than double the usual rate.

During Kivimäki's trial, the judge separated the compensation claims related to the data theft at the Helsinki-based clinic from the criminal case, and these will be scheduled for later trials. Kivimäki, according to the district court, faces more than 5,000 compensation claims to date.

The massive privacy nightmare dates back almost six years to November 2018, when Kivimäki, known online as Zeekill, broke into Psychotherapy Center Vastaamo Oy's IT system and downloaded the patient database. Shortly after, at least some of those patients' sensitive information started appearing online. 

Kivimäki demanded a €200 ($213) ransom payment from each Vastaamo patient, presumably to not leak their data in particular, and that reportedly jumped to €500 ($534) if the initial demand wasn't paid within 24 hours. In addition to dumping names and contact information, the crook also leaked patients' therapy records and session notes.

Finnish authorities issued a warrant for Kivimäki's arrest in October 2022, and the scumbag was snared in France on February 3 last year.

The court determined the crimes had been committed using a server that Kivimäki – who previously used the first name Julius – frequently used, and that he was a partial owner of the datacenter that housed this hardware. He was also found to have personally used an encryption key and IP address connected to the intrusion.

"Kivimäki's guilt was also supported by the fact that he had published messages related to the data breach and extortion on the forum Ylilauda under his pseudonym in a purposeful and fixed temporal connection with the extortion actions," the district court said.

All of this made it "implausible that Kivimäki would have been able to publish the messages in the way he did, if he had been outside the criminal organization and had only learned about it from the Supreme Court discussion or, for example, from the media." ®
