Hacker charged, hacked psychotherapy center, demanded ransom and went after patients to pay

I sent this article to the security box list back on the third of this month. It's titled Hacker Charged With Extorting Online Psychotherapy Service, which always brings about some good news around here.

We never see much good news, so posting these kinds of articles is kind of cool, if you know what I mean.

This particular article comes from our good buddy, Brian Krebs.

The first paragraph alone should scare you. It says:

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius “Zeekill” Kivimaki, a notorious hacker who — at the tender age of 17 — had been convicted of more than 50,000 cybercrimes, including data breaches, payment fraud, operating botnets, and calling in bomb threats.

The article linked in that paragraph is a 2015 story that Krebs titled Finnish Decision is Win for Internet Trolls, which I don’t remember reading. If I did, I read it back then and don’t remember much about it.

The second paragraph of this current article states:

In late October 2022, Kivimaki was charged (and arrested in absentia, according to the Finns) with attempting to extort money from the Vastaamo Psychotherapy Center.  On October 21, 2020, Vastaamo became the target of blackmail when a tormentor identified as “ransom_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly sensitive therapy session notes Vastaamo had exposed online.

We know that these guys can do whatever they want, so the money could’ve been an afterthought, but who knows what they’re thinking.

One paragraph says that they’re not asking for much. It would be 10 euros per patient, give or take, which is around 450,000 euros. Ransom man wrote that it is less than the 20 million yearly that the company makes, and in retrospect, that isn’t much. The problem I have is when you involve people who need any type of therapy, no matter the type, you run the risk of them turning on their word and publishing it anyway. Some of these patients have no idea about what is going on; I’m positive they were never told because of the nature of the situation.

When the company refused to pay, the ransom man turned to the patients for money. This has been talked about before when it comes to the many types of ransomware demands. This is what really irritates me with a story like this.

This is the kicker, though: besides uploading the file of data, ransom man made a big mistake. That paragraph says:

On Oct. 23, 2020, ransom_man uploaded to the dark web a large compressed file that included all of the stolen Vastaamo patient records. But investigators found the file also contained an entire copy of ransom_man’s home folder, a likely mistake that exposed a number of clues that they say point to Kivimaki.

He deleted the file, says the article, but not before researchers and others made the information searchable. There’s plenty more, and I am sure that people who need a specific type of therapy would not appreciate it if they understood what the hell just happened to this company who did the best they could with their job, and hopefully tried to keep the data as safe as possible.

The term psychotherapy means therapy that is done by hypnosis or other types of work. You are welcome to check out this Wikipedia page on psychotherapy and read it on your own time. Suffice it to say, hypnosis, if part of treatment, can be used for all kinds of things like treating pain or some other type of ailment that could be short term, perhaps.

I’m not a doctor, nor did I read the entire Wikipedia article, but I want to provide information here so people can do the research on their own time.

As I said, there’s plenty more in the linked article which started this discussion. Let me know what you think.