Friday, March 29, 2024

Finland’s Most-Wanted Hacker Arrested in France

A 25-year-old Finnish man named Julius “Zeekill” Kivimäki was taken into custody this week in France. He is facing charges of extorting an online psychotherapy practice based in his local area and causing the confidential therapy notes of over 22,000 patients to be leaked online.

He not only demanded ransom payments from the victims but also leaked highly sensitive and private information on a website accessible through the Tor network.

On February 3rd, a suspect was taken into custody by French authorities. The individual has yet to be transferred to Finland and remains in the custody of French law enforcement while the extradition process is ongoing.

In the latter part of October 2022, Kivimäki was accused of attempting to extort money from the Vastaamo Psychotherapy Center.

A cyberattack took place in October 2020, targeting the Vastaamo Psychotherapy Center. The hacker, who went by the moniker “Ransom Man,” compromised sensitive patient information and threatened to make it public unless Vastaamo paid a substantial ransom amount, estimated to be in the six figures.

Extorting Hacked Data

After Vastaamo declined to pay the ransom demand made by the hacker known as “Ransom Man,” the individual shifted their focus to extorting individual patients. 

The hacker targeted patients directly, sending them threatening emails that stated that their therapy notes would be made public unless they paid a ransom of 500 euros.

Around the same time as the events described above, Kivimäki faced legal repercussions for his alleged involvement in the breach. 

The Helsinki District Court issued an arrest warrant for Kivimäki, charging him with multiple offenses, including attempted extortion, computer break-in, and the unauthorized dissemination of personal information. 

Ransom Man, who initially aimed to extort patients directly, failed to achieve much success in his endeavors. As a result, he turned to the dark web as a means of monetizing his actions.

He uploaded a massive compressed file to the dark web which comprised the complete records of all the patients whose information he had stolen.

Security experts were quick to uncover a mistake made by Ransom Man when they analyzed the large compressed file that had been uploaded to the dark web. They discovered that the file contained an entire copy of Ransom Man’s home folder. 

This folder provided valuable insights into the identity of the cybercriminal, as it contained many clues pointing towards the involvement of Kivimäki. 

Arrest of Kivimäki

On February 3rd, Kivimäki was apprehended by the authorities in Courbevoie, France following a report of domestic violence, and the arrest took place early in the morning, at around 7 a.m.

Kivimäki was reported to have been involved in a domestic violence incident on the night of February 3rd. According to eyewitnesses, Kivimäki had been socializing with a woman at a local nightclub earlier that evening. 

The two later returned to the woman’s home, but an argument ensued between them. This disagreement escalated and eventually resulted in a domestic violence report being filed with the authorities.

Kivimäki first gained notoriety as a self-proclaimed member of the Lizard Squad, a group of hackers known for their focus on DDoS attacks. Although the group is mostly composed of low-skilled individuals, they have caused significant disruption through their hacking activities.

Nicknames of the Attacker

Kivimäki used the following nicknames:

  • Ryan
  • RyanC
  • Ryan Cleary

In 2012, Kivimäki and other members of the hacking group HTP were engaged in a widespread operation to exploit vulnerabilities in web servers. 

Kivimäki, who went by the alias Ryan Cleary, was particularly involved in this effort and took things a step further by offering access to these compromised servers for sale in the form of a distributed denial of service (DDoS) service-for-hire. 

Using a previously unknown vulnerability in Adobe’s ColdFusion software, Kivimäki was able to crack more than 60,000 web servers in 2013.

An American Airlines flight was grounded due to the bomb threat made by Kivimäki against John Smedley, the former president of Sony Online Entertainment.

As part of his criminal activities, Kivimäki also made bomb threats against police stations and was behind various “swatting” incidents.

Kivimäki was found guilty of being the mastermind behind over 50,000 cyber offenses, making him one of the most prolific perpetrators in the history of cybercrime.

Guru baran (https://gbhackers.com)
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
