Police Investigate Email Threat Against WiproPoison Attack Threatened If Ransom Not Paid
Police are investigating an anonymous email threat against Indian IT company Wipro as a potential "act of terror."
On May 5, the company received an anonymous email threatening a massive attack with the poison Ricin on all its offices in Bangalore if it didn't pay Rs 500 crore ($85 million) in ransom in bitcoins, according to news media reports.
The firm has refrained from sharing details of the incident with the media. In a statement, it confirms that it has filed a complaint with local law enforcement authorities. "We have augmented security measures at all our office locations. There is no impact on the company's operations. We have no further comments as the investigation is ongoing," the statement says.
The threat came through an email from Ramesh2@protonmail.com, which is presumed to be fake, according to news reports. The email asked the company to make the payment in 20 days. S. Ravi, additional commissioner of police in Karnataka, said that a complaint has been registered at the cybercrime police station and the investigation is continuing, according to reports.
Although the case initially had been registered under Section 66F of Information Technology Act (ITA) 2008, that registration was retracted by the police, according to Muktesh Chander, DGP of Goa Police.
Because Section 66F doesn't define cyber terrorism well, there have been issues sustaining this complaint, some security practitioners say.
"This is a case of pure threat - the difference being that the medium used is cyber. Still we can't label this as cybercrime according to what has been defined in the IT Act," Chander says.
The police have now decided to treat the incident as "an act of terror" or a "threat to commit an act of terror" along with impersonation under the Unlawful Activities Prevention Act, Indian Penal Code and ITA 2008, says Na. Vijayashankar, a cyber dispute risk management consultant.
Although the threat includes using a computer controlled device, Section 66F may still not recognize it as one of the three means through which the offense needs to be committed: denial of access, unauthorized access or injecting a computer contaminant, Vijayashankar says.
Chander explains that the police will now have to trace the origin of the email. "Though technically it looks easy, there will be challenges as we don't have an international cybercrime treaty," he says. "It now depends on how easily the Protonmail team coordinates with the investigation team here," Chander says.
An Insider Threat?
Some security specialists question whether the threat might involve an insider.
For example, Na. Vijayashankar, a cyber dispute risk management consultant, believes the email could have been sent by a frustrated employee. "If that's the case, this is only an irritation and doesn't need much attention beyond the formality of filing a police complaint, which has already been done," he says. "This is under the presumption that the email is only a threat and nothing in reality will happen."
Earlier this year, Wipro laid off 600 employees during the time of annual appraisals
Tackling the Situation
Security experts strongly advise against paying ransoms to extortionists. "I have seen several cases where even after paying ransom, the firms have been getting threats through email," says Michael Joseph, Fortinet's regional director, system engineering, India and SAARC.
When organizations face ransomware attacks or other extortion efforts, experts recommend that they immediately contact law enforcement.
Pavan Duggal, attorney at the Supreme Court of India and cyber law expert, says organizations need to establish a clear program for handling such threats. "Additionally, they need to sensitize their employees on these new kind of cybersecurity attacks," he says.