Cyber-bastard jailed for stealing psychotherapy files, blackmailing patients

Vastaamo villain more than doubled reported crime in Nordic nation

A cyber-thief who snatched tens of thousands of patients' sensitive records from a psychotherapy clinic before blackmailing them and then leaking their files online has been caged for six years and three months.

The district court of Länsi-Uusimaa, Finland, sentenced Aleksanteri Kivimäki, 26, on Tuesday for crimes against the Vastaamo center and those in its care, which included more than 20,000 extortion attempts. 

Specifically, a judge last month found Kivimäki guilty of 9,231 counts of aggravated dissemination of information infringing on individuals' private lives, 20,745 counts of aggravated attempted blackmail, and 20 counts of aggravated blackmail. The former CEO of Vastaamo has already received a three-month suspended sentence for failing to protect his clients' data.

Kivimäki's extortion spree seemingly triggered so many complaints to the police, it caused Finland's reported crime figures to skyrocket in a week, going beyond more than double the usual rate.

During Kivimäki's trial, the judge separated the compensation claims related to the data theft at the Helsinki-based clinic from the criminal case, and these will be scheduled for later trials. Kivimäki, according to the district court, faces more than 5,000 compensation claims to date.

The massive privacy nightmare dates back almost six years to November 2018, when Kivimäki, known online as Zeekill, broke into Psychotherapy Center Vastaamo Oy's IT system and downloaded the patient database. Shortly after, at least some of those patients' sensitive information started appearing online. 

Kivimäki demanded a €200 ($213) ransom payment from each Vastaamo patient, presumably to not leak their data in particular, and that reportedly jumped to €500 ($534) if the initial demand wasn't paid within 24 hours. In addition to dumping names and contact information, the crook also leaked patients' therapy records and session notes.

Finnish authorities issued a warrant for Kivimäki's arrest in October 2022, and the scumbag was snared in France on February 3 last year.

The court determined the crimes had been committed using a server Kivimäki – who previously used the first name Julius – frequently used and he was a partial owner of the datacenter that housed this hardware. He was also found to have personally used an encryption key and IP address connected to the intrusion.

"Kivimäki's guilt was also supported by the fact that he had published messages related to the data breach and extortion on the forum Ylilauda under his pseudonym in a purposeful and fixed temporal connection with the extortion actions," the district court said

All of this made it "implausible that Kivimäki would have been able to publish the messages in the way he did, if he had been outside the criminal organization and had only learned about it from the Supreme Court discussion or, for example, from the media." ®

Send us news

'Cyberattack' shutters Christie's website days before $840M art mega-auction

Going once, going twice, going offline

First LockBit, now BreachForums: Are cops winning the war or just a few battles?

TLDR: Peace in our time is really really hard

Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware

Spoiler alert: it's not really IT support controlling your device

Aussie cops probe MediSecure's 'large-scale ransomware data breach'

Throw another healthcare biz on the barby, mate

Crook brags about US Army and $75B defense biz pwnage

More government data allegedly stolen by prolific criminals

FCC names and shames Royal Tiger AI robocall crew

Agency is on the lookout for a Prince among men

Ransomware negotiator weighs in on the extortion payment debate with El Reg

As gang tactics get nastier while attacks hit all-time highs

America's enemies targeting US critical infrastructure should be 'wake-up call'

Having China, Russia, and Iran routinely rummaging around is cause for concern, says ex-NSA man

Europol op shutters 12 scam call centers and cuffs 21 suspected fraudsters

Cops prevented crims from bilking victims out of more than €10m - but couldn't stop crime against art

REvil ransomware scum sentenced to almost 14 years inside, ordered to pay $16 million

After extorting $700 million from thousands of victims

Microsoft's Brad Smith summoned by Homeland Security committee over 'cascade' of infosec failures

Major intrusions by both China and Russia leave a lot to be answered for

UnitedHealth CEO: 'Decision to pay ransom was mine'

Congress to hear how Citrix MFA snafu led to massive data theft, $870M+ loss