Hacker “Zeekill” charged for breaching psychotherapy service

Updated on: 04 November 2022

Vilius Petkauskas
Deputy Editor

Zeekill Vastaamo hacker — Image by Shutterstock.

Julius Kivimaki is suspected of stealing data from Vastaamo Psychotherapy Centre and extorting the organization and its patients.

The 25-year-old Kivimaki was remanded in absentia over allegations that he attempted extortion and dissemination of personal information. Finish authorities claim that the hacker is residing abroad.

Helsinki District Court claims that Kivimaki was behind the Vastaamo data breach. The hack happened two years ago when threat actors stole a patient’s database containing therapy records from the psychotherapy service provider and threatened to publish the data online.

Threat actors later published hundreds of patient records on a dark web forum to pressure Vastaamo into paying the ransom of 40 bitcoins, worth €450k ($439k) at the time. After the company refused to pay the ransom, threat actors demanded ransom from 22,000 Vaastamo’s patients, threatening to publish therapists’ and doctors’ notes from therapy sessions online.

Vastaamo hacker Kivimaki — Notice on Europol's website. Image by Cybernews.

Since the suspect lives outside Finland, a European arrest warrant has been issued against Kivimaki, Finish authorities said in a statement.

“The police know that the suspect is currently staying abroad, which is why he was arrested in absentia. A European arrest warrant has been issued for the person, under which he can be arrested abroad,” reads the statement.

The Vastaamo case isn’t the first time Kivimaki has faced charges for hacking. In 2015, the 17-year-old hacker was found guilty of a staggering 50,700 instances of aggravated computer break-ins.

At the time, prosecutors alleged that the hacker infected 1,400 servers with malware, creating a substantial botnet that he later used to carry out distributed denial-of-service (DDoS) attacks. The prolific hacker also attacked the Massachusetts Institute of Technology (MIT) and Harvard University.

Kivimaki, operating under the alias Zeekill, got off with a two-year suspended prison sentence and was ordered to return €6.5k ($6.4k) he obtained through illicit activities.