🎙️
AIPodify
Shows

Darknet Diaries

The nastiest, cruelest cyber attack in historyDarknet Diaries Ep.159: Vastaamo

Guest: Joe TidyJune 3, 2025
cybercrimedata breachextortionransomwarejulius kivimakivastaamomental health datafinlandinterpollizard squadgdpr
The nastiest, cruelest cyber attack in history🎙Darknet Diaries Ep.159: Vastaamo

Episode Summary

AI-generated · Mar 2026

AI-generated summary — may contain inaccuracies. Not a substitute for the full episode or professional advice.

This episode features BBC cyber correspondent Joe Tidy, known for his ability to gain access to and interview hackers, including a notorious member of Lizard Squad in 2014. Tidy joins host Jack Rhysider to discuss the central focus of his new book, "Ctrl+Alt+Chaos": what he considers "the worst and most nasty, cruelest, darkest cyber attack in history" – the Vastaamo psychotherapy center breach in Finland.

👤 Who Should Listen

  • Individuals concerned about digital privacy and the security of sensitive personal data.
  • Cybersecurity professionals and researchers tracking high-profile cybercrime cases and hacker motivations.
  • Mental health practitioners and organizations responsible for patient data security and GDPR compliance.
  • Law enforcement officials interested in international cybercrime investigations and the challenges of prosecuting hackers.
  • Anyone curious about the human impact of large-scale data breaches and individual extortion attempts.
  • Fans of true crime narratives, particularly those focused on the darknet and notorious hackers.

🔑 Key Takeaways

  1. 1.The Vastaamo cyberattack in October 2020 involved the theft of 33,000 patient records, including deeply sensitive therapy notes, from a major Finnish psychotherapy center by a hacker calling himself "Ransom Man" [08:19].
  2. 2.Initially, "Ransom Man" attempted to extort Vastaamo for 400,000 euros in Bitcoin, threatening to release 100 patient records daily, but the public reaction on forums was overwhelmingly hostile towards him [09:20, 11:25].
  3. 3.The hacker made a critical mistake by accidentally posting his entire home directory, including all 33,000 patient records and a crucial IP address, leading Finnish police to seize his cloud server in Helsinki [17:30, 19:34, 20:39].
  4. 4.After losing leverage with the company, "Ransom Man" individually extorted approximately 27,500 victims via email, demanding 200 euros in Bitcoin (escalating to 500 euros) to prevent their data from being published online [22:44].
  5. 5.This individual extortion of vulnerable mental health patients was described as a "nadir in cyber crime" [24:46], causing profound distress and, in some cases, contributing to victims choosing to end their lives [25:50].
  6. 6.The perpetrator was identified as Julius Kivimaki, a notorious Finnish hacker with a long history of cybercrime, including the 2014 Xbox/PlayStation DDoS attack, who was eventually arrested in Paris in 2023 following an Interpol Red Notice [29:56, 31:03, 37:17].
  7. 7.Kivimaki was convicted in Finland on April 30, 2024, of 9,600 counts of aggravated invasion of privacy, 21,000 attempted aggravated extortion attempts, and 20 counts of aggravated blackmail, receiving a sentence of six years and three months in prison [41:50, 49:43].
  8. 8.The Vastaamo company ultimately collapsed into administration, and its CEO, Ville Tapio, was prosecuted and convicted of data protection violations under GDPR, highlighting the severe consequences for companies failing to protect sensitive data [35:07, 36:09].

💡 Key Concepts Explained

Script Kitty

A derogatory term used to describe a beginner hacker who lacks deep technical skill and often relies on pre-made tools or exploits. Host Jack Rhysider suggests applying it to "Ransom Man" not for lack of skill, but for his 'reckless and careless' handling of extremely sensitive data [12:26].

Interpol Red Notice

An international alert issued by Interpol at the request of a member country, asking law enforcement worldwide to locate and provisionally arrest a person pending extradition. It was used by Finnish police to successfully track down Julius Kivimaki, leading to his arrest in Paris in 2023 [31:03, 37:17].

⚡ Actionable Takeaways

  • Recognize that even services expected to be safe and secure, like therapy providers, may not adequately protect your data, as Vastaamo's systems had vulnerabilities like "root root" as a password [16:55, 13:27].
  • Understand that you are ultimately responsible for treating your data with the privacy it deserves, as companies may fail to do so, emphasizing personal vigilance [16:55].
  • Be aware that law enforcement may prioritize criminal investigations over a company's reputation during a breach, potentially impacting how a crisis is managed by the affected organization [33:32].
  • Consider the potential for individual extortion attempts if your data is exposed, as this episode demonstrates a hacker directly targeting victims after failing to extort the company [22:44].
  • Learn about the legal responsibilities of company executives regarding data protection, as the CEO of Vastaamo was convicted for failing to anonymize or encrypt patient data under GDPR [36:09].
  • Support robust legal frameworks and enforcement against repeat cyber offenders, as the case of Julius Kivimaki illustrates a pattern of escalating cybercrime over a decade [45:32].
  • Seek support and advice from authorities if you become a victim of data extortion, as paying the ransom was advised against in the Vastaamo case once the data was already public [26:51].

⏱ Timeline Breakdown

01:01Joe Tidy introduces himself as the BBC's cyber correspondent.
01:38Joe Tidy recalls covering the 2014 DDoS attack on Sony PlayStation and Xbox Live by Lizard Squad.
02:18A clip of Joe Tidy interviewing "Ryan" from Lizard Squad, who admits to the DDoS attack.
05:13Jack introduces Joe Tidy's book "Ctrl+Alt+Chaos," which begins with a 2020 cyberattack in Finland.
06:47Joe Tidy describes the Vastaamo cyberattack in October 2020, where "Ransom Man" claimed to have hacked a psychotherapy center.
08:19Ransom Man stole therapy notes and personal details of 33,000 patients from Vastaamo.
09:20Ransom Man threatened to release 100 records daily if Vastaamo didn't pay 400,000 euros in Bitcoin.
10:21Ransom Man selectively released the most "salacious" and "harmful" records, searching for keywords like "rape fantasies" and "child abuse."
11:25The public reaction on forums like Torilauta and Ylilauta was largely hostile towards Ransom Man.
13:27Ransom Man joked about the database having "no password" ("root root") and was accused of being an amateur.
17:30Ransom Man accidentally posted his entire home directory, including all 33,000 patient records, losing his bargaining chips.
19:34Police discovered an IP address in the leaked files, pointing to a cloud-hosting provider in Helsinki.
20:39Police raced to the cloud provider, unplugging the server to prevent Ransom Man from deleting evidence.
22:44Ransom Man then emailed 27,500 Vastaamo patients individually, demanding 200 euros in Bitcoin (escalating to 500 euros) for their data's deletion.
24:46The individual extortion of vulnerable patients was deemed a "nadir in cybercrime."
25:50Some victims of the Vastaamo hack took their own lives due to the data exposure.
26:51Only about 20 people paid the ransom, as victims were advised not to pay.
27:54The Vastaamo crisis occurred during Covid (October 2020), leading to high-level government meetings.
29:56Lead detective Marko Leponen identified Julius Kivimaki as the prime suspect.
31:03An Interpol Red Notice was issued for Julius Kivimaki in November 2022.
32:04Joe Tidy recalls interviewing Kivimaki previously and notes his long history of cybercrime.
35:07Vastaamo company collapsed into administration due to the crisis.
36:09Vastaamo's CEO, Ville Tapio, was prosecuted and convicted for failing to protect data under GDPR.
37:17Julius Kivimaki was arrested in Paris in early 2023 after police responded to a domestic abuse call.
39:20Kivimaki's trial in Finland was the biggest criminal case in the country's history.
40:23Kivimaki was controversially released on bail mid-trial, then re-arrested after refusing to return to prison.
41:50Kivimaki faced charges including 9,600 counts of aggravated invasion of privacy and 21,000 attempted aggravated extortion attempts.
45:32Joe Tidy mentions Kivimaki's history of 50,000 cybercrime convictions as a teenager with gangs like LulzSec, HTP, Lizard Squad, and UGNazi.
47:41Jack notes that the episode only covers a fraction of Kivimaki's exploits detailed in Joe Tidy's book.
49:43Julius Kivimaki was sentenced to six years and three months in prison on April 30th, 2024.

Best of this topic

Best cybercrime episodes →Best data breach episodes →Best extortion episodes →Best ransomware episodes →Best julius kivimaki episodes →

💬 Notable Quotes

JOE: "for my money the worst and most nasty, cruelest, darkest cyber attack in history." [05:13]
JACK: "the notes your therapist took when you spilled your most personal and private thoughts to them. That, in my opinion, is in fact the cruelest piece of personal data that someone could hold for ransom" [08:19]
JOE: "it was ó it felt like digital rape, she said, which really has always struck me as just such a horrible proposition and such a horrible description." [24:46]
JOE: "This is the kind of world that he operates in. He doesn't seem to have much care for anything." [48:42]

More from this guest

Joe Tidy

All appearances →Best episodes →

📚 Books Mentioned

Ctrl+Alt+Chaos by Joe Tidy
Amazon →

Listen to Full Episode

▶ YouTube

📬 Get weekly summaries like this one

No spam. Unsubscribe anytime. By subscribing you agree to our Privacy Policy.

Continue Exploring

🎙️

More from Darknet Diaries

All episodes →

🏷️

More cybercrime episodes

Browse topic →

Best data breach episodes

Ranked list →

🗂️

Browse all topics

Topic directory →

← All episodes of Darknet Diaries