Vastaamo Ransomware actor set to go to trial, I can’t wait!

I’ve been contemplating how to write this one up since I saw the article titled “Alleged Extortioner of Psychotherapy Patients Faces Trial” cross my desk.

Julius Kivimäki is the name of the person who is going to trial, and the article talks about alleged crimes he’s been involved in as far back as 2015.

In November 2022, Kivimäki was charged with attempting to extort money from the Vastaamo Psychotherapy Center. In that breach, which occurred in October 2020, a hacker using the handle “Ransom Man” threatened to publish patient psychotherapy notes if Vastaamo did not pay a six-figure ransom demand.

This blog post is my original post on this topic, so if you have never read what I originally wrote, please feel free to give that one a read and feel free to send in your comments.

If you read that article carefully, especially the paragraph I quoted, we noted that this suspect has committed at least 50,000 crimes since he was 17 years of age.

As I think about this a little bit more, I hope that he doesn’t get the 5-10 years that a lot of these suspects get, but we all know that this is not how the law works.

This is where Ransom Man is different, as the next paragraph of the more recent article talked about the fact that if Vastaamo didn’t pay, the customers would be targeted.

This … is where I draw the line. How could anyone think that your 5 to 6 figure ransom will be paid by people who need some type of medical help for whatever issues they’re going through in life? When I read the following paragraph, I pretty much lost it. That paragraph says:

Vastaamo refused, so Ransom Man shifted to extorting individual patients — sending them targeted emails threatening to publish their therapy notes unless paid a 500-euro ransom. When Ransom Man found little success extorting patients directly, they uploaded to the dark web a large compressed file containing all of the stolen Vastaamo patient records.

But he made a mistake: the upload included his home folder, which pointed to other stuff too. The home folder is something like “c:\users\jared” within a Windows environment.

This is also talked about in the prior article that we linked from the prior blog post where I pretty much lost my mind.

I don’t remember if this particular topic was talked about on TSB, but you could search “Ransom Man” and see what comes up. You may have better luck searching with quotes to find articles and blog posts that cover this. For convenience, I’ll put these at the end of this post.

Brian continues to write:

Finnish prosecutors showed that Kivimäki’s credit card had been used to pay for the virtual server that hosted the stolen Vastaamo patient notes. What’s more, the home folder included in the Vastaamo patient data archive also allowed investigators to peer into other cybercrime projects of the accused, including domains that Ransom Man had access to as well as a lengthy history of commands he’d executed on the rented virtual server.

He continues:

Some of those domains allegedly administered by Kivimäki were set up to smear the reputations of different companies and individuals. One of those was a website that claimed to have been authored by a person who headed up IT infrastructure for a major bank in Norway which discussed the idea of legalizing child sexual abuse.

Even Mikko Hyppönen was amazed at the work done to get this evidence in a crime case.

Mikko Hyppönen, chief research officer at WithSecure (formerly F-Secure), said the Finnish authorities have done “amazing work,” and that “it’s rare to have this much evidence for a cybercrime case.”

I agree with Mikko’s thoughts here. We never hear about this much evidence. I just hope that he doesn’t walk away with 2-5 years like most do.

Again, the article is titled “Alleged Extortioner of Psychotherapy Patients Faces Trial” and I hope you read this update. It is definitely worth the read in full.

What else to read

The first blog post linked within this list links to podcast 120 where we probably did talk about him, but it somehow isn’t in the notes. I guess we’ll see how it goes now that trial is set to begin.
