Aleksanteri Kivimäki, convicted for one of Finland’s largest data privacy and extortion cases, has been released from custody pending appeal. The move reignites debates over justice, victim rights, and how cybercrime is handled in law.
Story Synopsis
In April 2024, Kivimäki was sentenced to six years and three months in prison by the Länsi-Uusimaa District Court for hacking into the database of the Vastaamo psychotherapy center. He stole records from tens of thousands of therapy patients and extorted both the company and individual victims.
In September 2025, the Helsinki Court of Appeal ordered his release while his conviction is under review. Judges cited the long pretrial detention and Finnish legal provisions that prevent keeping defendants incarcerated unnecessarily during appeal proceedings.
Deep-Dive Sections
The release does not nullify his conviction but reflects Finland’s legal principle of presumption of innocence during appeal. For victims—many of whom had deeply personal therapy notes exposed—the decision feels like a setback. For Finland’s justice system, it’s a test of balancing human rights with accountability for large-scale cybercrime.
How It Works
Kivimäki, known online as “ransom_man,” hacked Vastaamo’s servers in 2018–2019, stealing psychotherapy records. In 2020, he began blackmailing both the company and individual patients, threatening to leak records unless paid in Bitcoin.
Arrested in France in 2023 and extradited to Finland, he was convicted in 2024. His appeal process began in 2025, and Finnish law allows release if detention exceeds reasonable limits during appeal—hence the court’s decision.
Why It Matters
This case is one of Europe’s most damaging privacy breaches. Over 30,000 patients were affected, including minors and people with severe trauma. The sensitivity of psychotherapy notes made the breach especially devastating.
The release raises difficult questions: how should justice systems handle cybercriminals who cause massive harm but benefit from legal protections? And how can victims feel safe when offenders are freed before completing their sentences?
What’s Next
The appeal continues in November 2025. The Helsinki Court of Appeal will decide whether to uphold, overturn, or reduce Kivimäki’s sentence.
Meanwhile, the case could inspire reforms in Finnish or EU laws around data protection, cybercrime sentencing, and victim support. International investigations also continue into related extortion schemes connected to the breach.
Tech Tidbits
- Kivimäki was once linked to the Lizard Squad hacking group.
- More than 30,000 psychotherapy patients had their sensitive records exposed.
- Finnish law allows convicted individuals to remain free during appeal if detention would exceed fair legal limits.
Publication or Release Details
- Convicted individual: Aleksanteri Tomminpoika Kivimäki (aliases “ransom_man,” “zeekill”)
- Original conviction: April 2024, sentenced to 6 years and 3 months
- Current status: Released in September 2025 pending appeal decision
- Jurisdiction: Helsinki Court of Appeal
