Friday, June 14, 2024

Finland’s Most-Wanted Hacker Arrested in France

A 25-year-old Finnish man named Julius “Zeekill” Kivimäki was taken into custody this week in France. He is facing charges of extorting an online psychotherapy practice based in his local area and causing the confidential therapy notes of over 22,000 patients to be leaked online.

Besides demanding ransom payments from the victims, he leaked highly sensitive and private information on a website accessible through the Tor network.

French authorities took the suspect into custody on February 3rd. He remains in detention in France while the process for his extradition to Finland is ongoing.

In late October 2022, Kivimäki was accused of trying to blackmail the Vastaamo Psychotherapy Center for financial gain. The charges against him indicate that he attempted to extort money from the organization.

A cyberattack took place in October 2020, targeting the Vastaamo Psychotherapy Center. The hacker, who went by the moniker “Ransom Man,” compromised sensitive patient information and threatened to make it public unless Vastaamo paid a substantial ransom amount, estimated to be in the six figures.

Extorting Hacked Data

After Vastaamo declined to pay the ransom demand made by the hacker known as “Ransom Man,” the individual shifted their focus to extorting individual patients. 

The hacker targeted patients directly, sending them threatening emails that stated that their therapy notes would be made public unless they paid a ransom of 500 euros.

Around the same time as the events described above, Kivimäki faced legal repercussions for his alleged involvement in the breach. 

The Helsinki District Court issued an arrest warrant for Kivimäki, charging him with multiple offenses, including attempted extortion, computer break-in, and the unauthorized dissemination of personal information. 

Ransom Man, who initially aimed to extort patients directly, failed to achieve much success in his endeavors. As a result, he turned to the dark web as a means of monetizing his actions.

He uploaded a massive compressed file to the dark web which comprised the complete records of all the patients whose information he had stolen.

Security experts were quick to uncover a mistake made by Ransom Man when they analyzed the large compressed file that had been uploaded to the dark web. They discovered that the file contained an entire copy of Ransom Man’s home folder. 

This folder provided valuable insights into the identity of the cybercriminal, as it contained many clues pointing towards the involvement of Kivimäki. 

Arrest of Kivimäki

On February 3rd, Kivimäki was apprehended by the authorities in Courbevoie, France, following a report of domestic violence. The arrest took place early in the morning, at around 7 a.m.

Kivimäki was reported to have been involved in a domestic violence incident on the night of February 3rd. According to eyewitnesses, Kivimäki had been socializing with a woman at a local nightclub earlier that evening. 

The two later returned to the woman’s home, but an argument ensued between them. This disagreement escalated and eventually resulted in a domestic violence report being filed with the authorities.

Kivimäki first gained notoriety as a self-proclaimed member of the Lizard Squad, a group of hackers known for their focus on DDoS attacks. Although the group is mostly composed of low-skilled individuals, they have caused significant disruption through their hacking activities.

Nicknames of the Attacker

The nicknames used are listed below:

  • Ryan
  • RyanC
  • Ryan Cleary

In 2012, Kivimäki and other members of the hacking group HTP were engaged in a widespread operation to exploit vulnerabilities in web servers. 

Kivimäki, who went by the alias Ryan Cleary, was particularly involved in this effort and took things a step further by offering access to these compromised servers for sale in the form of a distributed denial of service (DDoS) service-for-hire. 

Using a previously unknown vulnerability in Adobe’s ColdFusion software, Kivimäki was able to crack more than 60,000 web servers in 2013.

An American Airlines flight was grounded due to the bomb threat made by Kivimäki against John Smedley, the former president of Sony Online Entertainment.

As part of his criminal activities, Kivimäki also made bomb threats against police stations and reported various incidents of “swatting.”

Kivimäki was found guilty of being the mastermind behind over 50,000 cyber offenses, making him one of the most prolific perpetrators in the history of cybercrime.

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
