Darknet Diaries

Episode 159: Vastaamo

Host: Jack Rhysider
Guest: Joe Tidy (BBC Cyber Correspondent)
Release Date: June 3, 2025

Main Theme/Overview

This episode dives into one of the most disturbing cybercrimes in recent history: the 2020 Vastaamo psychotherapy center data breach in Finland. Jack Rhysider and Joe Tidy (author of Control Alt Chaos) meticulously recount the events, the impact on tens of thousands of victims whose most private therapy notes were leaked, the relentless manhunt for the attacker, and the trial of Julius Kivimäki, a notorious hacker. The episode examines the cruelty of publishing personal psychological records for extortion, the failures and fallout at Vastaamo, and why this case stands out as a nadir in cybercrime history.

Key Discussion Points & Insights

1. Joe Tidy’s Background in Cyber Reporting

Timestamps: 00:31 – 04:39

Joe shares his experience breaking into cybercrime reporting, starting with high-profile cases like the Lizard Squad DDoS attacks in 2014.
Jack admires Joe’s reach into hacker circles and ability to secure exclusive, revealing interviews.

“Hats off to your ability to infiltrate the hacking world.” – Jack Rhysider (00:32)

2. Introduction to the Vastaamo Attack

Timestamps: 07:51 – 08:07

Jack and Joe set the stage: Vastaamo was a major psychotherapy provider in Finland.
Joe describes the Vastaamo hack as “the worst and most nasty, cruelest, darkest cyber attack in history.” (07:51)

“It shocked the world… for my money, the worst and most nasty, cruelest, darkest cyber attack in history.” – Joe Tidy (07:51)

3. What Happened: The Breach and Initial Extortion

Timestamps: 09:26 – 12:17

In October 2020, a hacker called “Ransom Man” appeared on Finnish darknet forums, claiming to have stolen the full database: names, personal info, and — most significantly — private therapy notes from 33,000 patients.
Ransom Man demanded €400,000 in bitcoin from Vastaamo, threatening to release records if unpaid, eventually escalating to posting 100 records daily.

“I've got all the personal details... I've also crucially and cruelly got all their therapy notes as well.” – Joe Tidy (09:26)

4. The Release of Private Data and Public Reaction

Timestamps: 12:38 – 17:47

Ransom Man posted the first 100 most damaging records, specifically picking out salacious or deeply sensitive information to maximize harm.
Unlike many cyber-forum breaches, even the usual corners of the darknet condemned the act.

“There was no respect for him. There was no, 'well done.'... There was no love at all for Ransom Man.” – Joe Tidy (13:26)

5. The Technical Blunder and Police Breakthrough

Timestamps: 19:54 – 24:28

Ransom Man made a critical error by accidentally posting his entire home directory, revealing the whole dataset (the "Big Tar" file) and personal clues, including an IP address tied to a Helsinki server.
Police raced to physically seize the server before Ransom Man could remotely wipe it.

“There was a mad race... They eventually got through on the phone. They had a guy from the company running through the warehouse, finding the server, unplugging it.” – Joe Tidy (21:58)

6. A Second, More Sinister Extortion

Timestamps: 26:47 – 29:49

With his negotiation leverage lost, Ransom Man began emailing nearly all 33,000 victims directly, personalized with their name and social security number, demanding €200–500 in Bitcoin for the promise not to publish their therapy records online.
The psychological toll was immense; many victims described feelings of “digital rape,” and several reportedly ended their lives.

“One of the women I spoke to said it was... digital rape. Having this particular type of information stolen, it’s just such an invasion.” – Joe Tidy (28:35)

7. Mass Panic and National Fallout

Timestamps: 30:09 – 32:18

Overwhelmed support and police hotlines, statements from the Finnish president and prime minister, and an entire nation thrown into turmoil — all in the midst of the COVID-19 pandemic.
Only about 20 victims paid, and the hack’s impact reverberated across Finnish society.

8. Unmasking the Hacker: Julius Kivimäki

Timestamps: 33:42 – 35:52

Lead investigator Marco Leponen slowly gathers evidence tying the breach to Julius Kivimäki, previously infamous as part of Lizard Squad and responsible for tens of thousands of cybercrimes as a teen.
An Interpol red notice is issued, triggering an international manhunt.

9. Kivimäki’s Arrest and Trial

Timestamps: 41:08 – 45:51

French police accidentally discover Kivimäki in Paris in early 2023 after responding to a false domestic violence report.
Kivimäki is extradited to Finland, faces the largest criminal trial in the country’s history, and exhibits a remarkable lack of remorse, even dodging custody briefly during the trial through legal wrangling.

10. The Legal Aftermath and Reflections on Responsibility

Timestamps: 37:00 – 39:21; 46:00 – 49:05

Vastaamo CEO Ville Tapio is prosecuted and convicted for failing to properly encrypt and anonymize data, though he disputes blame.
An unprecedented volume of charges: over 30,000 criminal counts, including 9,600 aggravated invasion of privacy, and 21,000 attempted aggravated extortion.
The Finnish legal system strains to keep up with victim compensation and the scale of collective criminality.

11. Kivimäki’s Legacy and the Book’s Broader Context

Timestamps: 49:05 – 53:23

Kivimäki’s criminal career began in adolescence; this is only the latest in a string of egregious hacks.
Joe Tidy describes the toxic hacker culture of the 2010s, where notoriety and outdoing earlier shock attacks became currency among young cybercriminals.
The episode calls this attack the “nadir of cybercrime” and leaves listeners with the warning of just how personal cyber breaches can be.

Notable Quotes & Memorable Moments

“It shocked the world…for my money, the worst and most nasty, cruelest, darkest cyber attack in history.”
— Joe Tidy (07:51)
“The notes your therapist took when you spilled your most personal and private thoughts to them... is, in fact, the cruelest piece of personal data that someone could hold for ransom.”
— Jack Rhysider (11:02)
“There was no respect for him. There was no, 'well done.'... There was no love at all for Ransom Man.”
— Joe Tidy (13:26)
“He made probably the biggest mistake in the history of cybercrime... he posted his entire home directory.”
— Joe Tidy (19:54)
“One of the women that I spoke to said it was... digital rape. Having this particular type of information stolen, it's just such an invasion.”
— Joe Tidy (28:35)
“In April 30, 2024, Julius Kivimäki was sentenced to six years and three months in prison. He's currently sitting in prison right now serving his time.”
— Jack Rhysider (53:23)

Timestamps of Important Segments

| Timestamp | Segment Description | | ------------ | -------------------------------------------------------------------------------------------- | | 00:31 | Joe Tidy’s background; early cybercrime reporting | | 07:51 | Introduction to the Vastaamo hack | | 09:26 | Details of the breach: Ransom and threatening to leak therapy notes | | 12:38 | First records leaked; reaction from the hacking community | | 19:54 | Ransom Man’s technical blunder (the "Big Tar" file) | | 21:58 | Police race to seize the key server | | 26:47 | Ransom Man emails all victims directly, escalating the extortion | | 28:35 | Testimony and psychological toll from victims | | 33:42 | Investigation and growing suspicion: Julius Kivimäki as the prime suspect | | 41:08 | French police arrest Kivimäki in Paris | | 45:51 | The massive criminal charge list described in court | | 49:05 | Wider context: Kivimäki’s history, teen hacking subculture | | 53:23 | Kivimäki’s sentencing; aftermath and reflections |

Language and Tone

Throughout the episode, Jack and Joe maintain a mixture of empathy, shock, and technical curiosity. The narrative is both compassionate toward the victims and unsparing in its condemnation of the hacker’s cruelty — as well as Vastaamo’s egregious failure to secure their patients’ secrets.

Final Thoughts

This deeply reported episode starkly illustrates the human consequences of cybercrime when sensitive personal data is at stake. The Vastaamo case is both a cautionary tale for organizations about safeguarding personal information and an unsparing look at what happens when a hacker decides to cause harm for harm’s sake. The story isn’t just about technology—it’s about trust, trauma, justice, and the darker corners of the internet.

For further details and a broader exploration, Jack and Joe encourage listeners to read Joe Tidy’s book, Control Alt Chaos.

Darknet Diaries

Episode 159: Vastaamo

Host: Jack Rhysider
Guest: Joe Tidy (BBC Cyber Correspondent)
Release Date: June 3, 2025

Main Theme/Overview

Key Discussion Points & Insights

1. Joe Tidy’s Background in Cyber Reporting

Timestamps: 00:31 – 04:39

Joe shares his experience breaking into cybercrime reporting, starting with high-profile cases like the Lizard Squad DDoS attacks in 2014.
Jack admires Joe’s reach into hacker circles and ability to secure exclusive, revealing interviews.

“Hats off to your ability to infiltrate the hacking world.” – Jack Rhysider (00:32)

2. Introduction to the Vastaamo Attack

Timestamps: 07:51 – 08:07

Jack and Joe set the stage: Vastaamo was a major psychotherapy provider in Finland.
Joe describes the Vastaamo hack as “the worst and most nasty, cruelest, darkest cyber attack in history.” (07:51)

“It shocked the world… for my money, the worst and most nasty, cruelest, darkest cyber attack in history.” – Joe Tidy (07:51)

3. What Happened: The Breach and Initial Extortion

Timestamps: 09:26 – 12:17

In October 2020, a hacker called “Ransom Man” appeared on Finnish darknet forums, claiming to have stolen the full database: names, personal info, and — most significantly — private therapy notes from 33,000 patients.
Ransom Man demanded €400,000 in bitcoin from Vastaamo, threatening to release records if unpaid, eventually escalating to posting 100 records daily.

“I've got all the personal details... I've also crucially and cruelly got all their therapy notes as well.” – Joe Tidy (09:26)

4. The Release of Private Data and Public Reaction

Timestamps: 12:38 – 17:47

Ransom Man posted the first 100 most damaging records, specifically picking out salacious or deeply sensitive information to maximize harm.
Unlike many cyber-forum breaches, even the usual corners of the darknet condemned the act.

“There was no respect for him. There was no, 'well done.'... There was no love at all for Ransom Man.” – Joe Tidy (13:26)

5. The Technical Blunder and Police Breakthrough

Timestamps: 19:54 – 24:28

Ransom Man made a critical error by accidentally posting his entire home directory, revealing the whole dataset (the "Big Tar" file) and personal clues, including an IP address tied to a Helsinki server.
Police raced to physically seize the server before Ransom Man could remotely wipe it.

“There was a mad race... They eventually got through on the phone. They had a guy from the company running through the warehouse, finding the server, unplugging it.” – Joe Tidy (21:58)

6. A Second, More Sinister Extortion

Timestamps: 26:47 – 29:49

With his negotiation leverage lost, Ransom Man began emailing nearly all 33,000 victims directly, personalized with their name and social security number, demanding €200–500 in Bitcoin for the promise not to publish their therapy records online.
The psychological toll was immense; many victims described feelings of “digital rape,” and several reportedly ended their lives.

“One of the women I spoke to said it was... digital rape. Having this particular type of information stolen, it’s just such an invasion.” – Joe Tidy (28:35)

7. Mass Panic and National Fallout

Timestamps: 30:09 – 32:18

Overwhelmed support and police hotlines, statements from the Finnish president and prime minister, and an entire nation thrown into turmoil — all in the midst of the COVID-19 pandemic.
Only about 20 victims paid, and the hack’s impact reverberated across Finnish society.

8. Unmasking the Hacker: Julius Kivimäki

Timestamps: 33:42 – 35:52

Lead investigator Marco Leponen slowly gathers evidence tying the breach to Julius Kivimäki, previously infamous as part of Lizard Squad and responsible for tens of thousands of cybercrimes as a teen.
An Interpol red notice is issued, triggering an international manhunt.

9. Kivimäki’s Arrest and Trial

Timestamps: 41:08 – 45:51

French police accidentally discover Kivimäki in Paris in early 2023 after responding to a false domestic violence report.
Kivimäki is extradited to Finland, faces the largest criminal trial in the country’s history, and exhibits a remarkable lack of remorse, even dodging custody briefly during the trial through legal wrangling.

10. The Legal Aftermath and Reflections on Responsibility

Timestamps: 37:00 – 39:21; 46:00 – 49:05

Vastaamo CEO Ville Tapio is prosecuted and convicted for failing to properly encrypt and anonymize data, though he disputes blame.
An unprecedented volume of charges: over 30,000 criminal counts, including 9,600 aggravated invasion of privacy, and 21,000 attempted aggravated extortion.
The Finnish legal system strains to keep up with victim compensation and the scale of collective criminality.

11. Kivimäki’s Legacy and the Book’s Broader Context

Timestamps: 49:05 – 53:23

Kivimäki’s criminal career began in adolescence; this is only the latest in a string of egregious hacks.
Joe Tidy describes the toxic hacker culture of the 2010s, where notoriety and outdoing earlier shock attacks became currency among young cybercriminals.
The episode calls this attack the “nadir of cybercrime” and leaves listeners with the warning of just how personal cyber breaches can be.

Notable Quotes & Memorable Moments

“It shocked the world…for my money, the worst and most nasty, cruelest, darkest cyber attack in history.”
— Joe Tidy (07:51)
“The notes your therapist took when you spilled your most personal and private thoughts to them... is, in fact, the cruelest piece of personal data that someone could hold for ransom.”
— Jack Rhysider (11:02)
“There was no respect for him. There was no, 'well done.'... There was no love at all for Ransom Man.”
— Joe Tidy (13:26)
“He made probably the biggest mistake in the history of cybercrime... he posted his entire home directory.”
— Joe Tidy (19:54)
“One of the women that I spoke to said it was... digital rape. Having this particular type of information stolen, it's just such an invasion.”
— Joe Tidy (28:35)
“In April 30, 2024, Julius Kivimäki was sentenced to six years and three months in prison. He's currently sitting in prison right now serving his time.”
— Jack Rhysider (53:23)

Timestamps of Important Segments

Language and Tone

Final Thoughts

For further details and a broader exploration, Jack and Joe encourage listeners to read Joe Tidy’s book, Control Alt Chaos.

159: Vastaamo

Powered by Wave AI

Summary

Darknet Diaries

Episode 159: Vastaamo

Main Theme/Overview

Key Discussion Points & Insights

1. Joe Tidy’s Background in Cyber Reporting

2. Introduction to the Vastaamo Attack

3. What Happened: The Breach and Initial Extortion

4. The Release of Private Data and Public Reaction

5. The Technical Blunder and Police Breakthrough

6. A Second, More Sinister Extortion

7. Mass Panic and National Fallout

8. Unmasking the Hacker: Julius Kivimäki

9. Kivimäki’s Arrest and Trial

10. The Legal Aftermath and Reflections on Responsibility

11. Kivimäki’s Legacy and the Book’s Broader Context

Notable Quotes & Memorable Moments

Timestamps of Important Segments

Language and Tone

Final Thoughts

Summary

Darknet Diaries

Episode 159: Vastaamo

Main Theme/Overview

Key Discussion Points & Insights

1. Joe Tidy’s Background in Cyber Reporting

2. Introduction to the Vastaamo Attack

3. What Happened: The Breach and Initial Extortion

4. The Release of Private Data and Public Reaction

5. The Technical Blunder and Police Breakthrough

6. A Second, More Sinister Extortion

7. Mass Panic and National Fallout

8. Unmasking the Hacker: Julius Kivimäki

9. Kivimäki’s Arrest and Trial

10. The Legal Aftermath and Reflections on Responsibility

11. Kivimäki’s Legacy and the Book’s Broader Context

Notable Quotes & Memorable Moments

Timestamps of Important Segments

Language and Tone

Final Thoughts