Finland’s Most-Wanted Hacker Arrested in France

A 25-year-old Finnish man named Julius “Zeekill” Kivimäki was taken into custody this week in France. He is facing charges of extorting an online psychotherapy practice based in his local area and causing the confidential therapy notes of over 22,000 patients to be leaked online.

The individual in question was not only demanding ransom payments from the victims but also went as far as to leak highly sensitive and private information on a website accessible through the Tor network

On February 3rd, a suspect was taken into custody by French authorities. The individual remains under detention in France as the process for their extradition to Finland is ongoing. The suspect is yet to be transferred to Finland, and as of now, they remain in the custody of French law enforcement.

In the latter part of October 2022, a significant development took place in the case of Kivimäki. The individual was accused of trying to blackmail the Vastaamo Psychotherapy Center for financial gain. The charges against Kivimäki indicate that he attempted to extort money from the organization.

A cyberattack took place in October 2020, targeting the Vastaamo Psychotherapy Center. The hacker, who went by the moniker “Ransom Man,” compromised sensitive patient information and threatened to make it public unless Vastaamo paid a substantial ransom amount, estimated to be in the six figures.

Extorting Hacked Data

After Vastaamo declined to pay the ransom demand made by the hacker known as “Ransom Man,” the individual shifted their focus to extorting individual patients. 

The hacker targeted patients directly, sending them threatening emails that stated that their therapy notes would be made public unless they paid a ransom of 500 euros.

Around the same time as the events described above, Kivimäki faced legal repercussions for his alleged involvement in the breach. 

The Helsinki District Court issued an arrest warrant for Kivimäki, charging him with multiple offenses, including attempted extortion, computer break-in, and the unauthorized dissemination of personal information. 

Ransom Man, who initially aimed to extort patients directly, failed to achieve much success in their endeavors. As a result, he turned to the dark web as a means of monetizing their actions. 

He uploaded a massive compressed file to the dark web which comprised the complete records of all the patients whose information he had stolen.

Security experts were quick to uncover a mistake made by Ransom Man when they analyzed the large compressed file that had been uploaded to the dark web. They discovered that the file contained an entire copy of Ransom Man’s home folder. 

This folder provided valuable insights into the identity of the cybercriminal, as it contained many clues pointing towards the involvement of Kivimäki. 

Arrest of Kivimäki

On February 3rd, Kivimäki was apprehended by the authorities in Courbevoie, France following a report of domestic violence, and the arrest took place early in the morning, at around 7 a.m.

Kivimäki was reported to have been involved in a domestic violence incident on the night of February 3rd. According to eyewitnesses, Kivimäki had been socializing with a woman at a local nightclub earlier that evening. 

The two later returned to the woman’s home, but an argument ensued between them. This disagreement escalated and eventually resulted in a domestic violence report being filed with the authorities.

Kivimäki first gained notoriety as a self-proclaimed member of the Lizard Squad, a group of hackers known for their focus on DDoS attacks. Although the group is mostly composed of low-skilled individuals, they have caused significant disruption through their hacking activities.

Nicknames of the Attacker

Here below we have mentioned the nicknames used:-

  • Ryan
  • RyanC
  • Ryan Cleary

In 2012, Kivimäki and other members of the hacking group HTP were engaged in a widespread operation to exploit vulnerabilities in web servers. 

Kivimäki, who went by the alias Ryan Cleary, was particularly involved in this effort and took things a step further by offering access to these compromised servers for sale in the form of a distributed denial of service (DDoS) service-for-hire. 

Using a previously unknown vulnerability in Adobe’s ColdFusion software, Kivimäki was able to crack more than 60,000 web servers in 2013.

An American Airlines flight was grounded due to the bomb threat made by Kivimäki against John Smedley, the former president of Sony Online Entertainment.

As part of his criminal activities, Kivimäki also threw bomb threats at police stations and reported different incidents of “swatting.”

Kivimäki was found guilty of being the mastermind behind over 50,000 cyber offenses. His actions resulted in him being convicted of orchestrating a vast number of cybercrimes, making him one of the most prolific perpetrators in the history of cybercrime.

Network Security Checklist – Download Free E-Book

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

7 hours ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

2 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

2 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

2 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

2 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

3 days ago