A 26-year-old Finnish hacker, Aleksanteri Kivimäki, received a sentence of more than six years in prison for his involvement in a cyberattack on the Vastaamo Psychotherapy Center. The attack, which occurred in October 2020, resulted in the exposure of therapy records belonging to tens of thousands of patients. Kivimäki attempted to extort the clinic and its clients, demanding a ransom of 40 bitcoins to prevent the leak of sensitive information. Despite Vastaamo’s refusal to pay, the hacker proceeded to extort individual patients, leading to approximately 20 clients paying a ransom ranging from 200 to 500 euros each.
Kivimäki, who was arrested near Paris in February 2023 under a false identity, was subsequently deported to Finland to stand trial. He was found guilty of aggravated data breach, 21,000 counts of aggravated blackmail attempts, and 9,200 counts of aggravated dissemination. Despite denying all charges, Kivimäki may appeal the verdict, according to his lawyer. Prosecutors sought the maximum sentence of seven years, considering the severity of the crimes.
This isn’t Kivimäki’s first brush with the law. He has a history of involvement in cybercrime, having been linked to the hacker group Hack the Planet (HTP) and the notorious Lizard Squad. In 2013, investigators discovered malicious code on devices seized from Kivimäki, which was used by HTP to exploit an Adobe ColdFusion zero-day vulnerability, compromising over 60,000 servers, including those of prominent companies like LexisNexis, Kroll, and Dun & Bradstreet.
