Cybercrime , Fraud Management & Cybercrime

Finnish Hacker Charged With Multiple Counts of Extortion

Aleksanteri Kivimaki Charged for the 2020 Leak of Mental Health Clinic Database
Finnish Hacker Charged With Multiple Counts of Extortion
Aleksanteri Kivimäki in a Finnish courtroom on Feb. 28, 2023

The hacker who allegedly leaked mental health records online after breaking into a Helsinki-based psychotherapy chain's patient database has been charged in Finnish court with multiple counts of extortion and leaking data.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

Roughly 33,000 patients of the now-defunct Vastaamo clinic were affected by the hacking incident, which became public in October 2020.

Finnish national Aleksanteri Tomminpoika Kivimäki, 26, allegedly hacked the patient database twice, once in November 2018 and again in March 2019.

On Wednesday, Finnish prosecutors charged Kivimäki with 9,598 counts of aggravated dissemination of information violating personal privacy, 21,316 counts of attempted extortion, and 20 counts of aggravated extortion. Prosecutors said that Kivimäki should be sentenced to at least seven years in prison. Kivimäki, who formerly used the first name Julius, has denied guilt.

French police arrested Kivimäki in February after being called to an apartment in suburban Paris for a domestic disturbance (see: Notorious Finnish Hacker 'Zeekill' Busted by French Police).

Authorities extradited Kivimäki - who went by the online aliases "Zeekill," "Ryan," and "ransom_man" - to Finland that same month, where he has remained in pretrial detention.

Vastaamo detected a breach in 2020 after information had leaked online and it had received an extortion demand of 450,000 euros in bitcoins. Kivimäki later allegedly contacted victims directly to demand a ransom of 200 euros within 24 hours, raising the extortion demand to 500 euros if it was not paid within 48 hours. Authorities said cybercriminals later used the leaked patient database to commit fraud.

The Finnish police, who described the event as the largest hack ever recorded in the country, identified a total of 33,086 victims. Police have encouraged victims to file official complaints, evidence used to prepare a report reaching 2,200 pages, ahead of Wednesday's prosecutorial summons. Vastaamo went bankrupt in February 2021.

During the Wednesday hearing, prosecutors said Kivimäki compromised Vastaamo after identifying a vulnerability in its server, Finnish news outlet YLE reported. The hacker used a compromised credential to connect to the hospital's MySQL server to download the patients' records, and Vastaamo's server was just one of 14,000 networks compromised by Kivimäki, Finnish media outlet Iltalehti reported in September.

Prosecutors said police had identified the hacker after he made the mistake of not masking his IP address through a virtual private network, leading authorities to trace the online alias "ransom_man" to Kivimäki.

Following Wednesday's hearing, the case has been moved to the district of Länsi-Uusimaa, where the trial is due to begin on Nov. 13.

A Finnish court last decade found Kivimäki guilty of 50,700 "instances of aggravated computer break-ins" for a hacking spree that the then-17-year-old had committed against U.S. universities and database provider MongoHQ, the BBC reported in 2015. The court imposed a two-year suspended prison sentence.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.