A prominent hacker, Julius Kivimäki, once among Europe’s most sought-after criminals, has been sentenced to prison for extorting 33,000 therapy patients by leveraging their stolen session notes. This brings an end to his 11-year spree of cybercrime, which began when he gained notoriety as a member of anarchic teenage hacking groups at the tender age of 13.
The ordeal for Tiina began innocuously enough; she had just finished her customary Finnish Saturday night sauna when her phone signaled an email notification. To her surprise, the email contained her personal details, including her name and social security number, sent by an anonymous sender.
Initially struck by the email’s polite and respectful tone, Tiina soon learned of the ominous reality. The sender disclosed that they had acquired her private information from a psychotherapy center where she had been a patient. What followed was a distressing ultimatum: either pay a ransom within 24 hours or face the publication of two years’ worth of deeply personal therapy records online.
For Tiina, the experience was suffocating. She felt as though her private world had been intruded upon, her life’s traumas being exploited for profit by an unknown assailant. Sadly, Tiina’s plight was not unique.
In what stands as Finland’s most extensive criminal case, a staggering 33,000 therapy patients found themselves ensnared in a web of blackmail, marking an unprecedented breach of privacy.
The stolen database from Vastaamo psychotherapy held the deepest secrets of a diverse swath of society, encompassing even children. Conversations ranging from intimate confessions to sensitive disclosures, including extramarital affairs and admissions of wrongdoing, were now exploited as leverage.
The impact reverberated throughout Finland in 2020, coinciding with pandemic lockdowns, leaving the nation reeling. Mikko Hyppönen of Finnish cyber-security firm WithSecure remarked on the profound shockwave the event triggered, as it dominated news cycles for days. “A hack of this magnitude is catastrophic for Finland—almost everyone knew someone affected,” he remarked.
The repercussions of the blackmail were swift and devastating. Lawyer Jenni Raiskio, representing 2,600 victims, recounted harrowing stories of relatives taking their own lives after their private records were made public. In a poignant moment during the trial, she led a solemn tribute to the victims.
The perpetrator, identified only by the moniker “ransom_man,” demanded victims pay €200 Euros (£171) within 24 hours under threat of publication, escalating to €500 for non-compliance. While some succumbed to the demand, others hesitated—only to find their data already leaked on the darknet forum, the result of ransom_man’s inadvertent blunder.
As authorities raced to uncover the perpetrator’s identity, suspicions coalesced around a young Finnish individual, already notorious in cyber-crime circles.