Wipro Receives Threat Mail Demanding Rs 500 Crore in Bitcoins

Wipro Receives Threat Mail Demanding Rs 500 Crore in Bitcoins is a Business Standard report published on 6 May 2017 by Ayan Pramanik. The article covers an anonymous extortion threat sent via ProtonMail demanding Rs 500 crore in bitcoin from Wipro by 25 May 2017 under threat of ricin poisoning attacks on employees, featuring analysis from Sunil Abraham, then Executive Director of the Centre for Internet and Society, on the novel use of cryptocurrency demands in physical corporate extortion attempts, alongside details of a similar incident targeting Infosys one month earlier.

Contents

  1. Article Details
  2. Full Text
  3. Context and Background
  4. External Link

Article Details

📰 Published in:
Business Standard
📅 Date:
6 May 2017
👤 Authors:
Ayan Pramanik
📄 Type:
News Report
📰 Article Link:
Read Online

Full Text

Information technology (IT) companies like Wipro and Infosys are facing threats from unknown messengers. Barely a month after Infosys' Chennai office received an anonymous letter, along with a packet of "anthrax" powder, demanding a ransom of Rs 500 crore, Wipro has received a similar threat.

Wipro on Friday received an anonymous email demanding Rs 500 crore worth currency in bitcoins as ransom by May 25, failing which its employees may be attacked using highly toxic ricin.

S Ravi, additional commissioner of police, cyber crime division of Bangalore Police, told reporters that the mail reportedly was sent to Wipro's Sarjapura Road office reception from 'Ramesh2@protonmail.com'. The mail said one kg of high-quality ricin would be used to kill employees, and the poison may be put in cafeteria food, toilet seats and toilet papers, the officer said.

ProtonMail, an email service inspired by Edward Snowden, the engineer who leaked secret files of the US' National Security Agency, encrypts the mails at both ends.

In an interview with Business Standard last year, Andy Yen, cofounder of ProtonMail, revealed that ProtonMail itself did not have the ability to read the emails of its users.

About a month ago, an unknown messenger dropped a suspicious parcel with white powder, proclaiming it to be 'anthrax powder', at Infosys' Sholinganallur office in Chennai, and demanded Rs 500 crore in ransom. The messenger threatened to spread anthrax at the company's campus, if the ransom was not paid. The message on a paper also contained a QR code.

While Wipro has beefed up security measures across locations and lodged a complaint with the local cyber crime division, an investigation on the Chennai incident is still on. However, an Infosys spokesperson said the security personnel had not found anthrax in the packet later.

In the latest case, what is surprising to the cyber experts is the demand of ransom in bitcoins. "So far, demands for bitcoins have been in the context of cyber crimes against individuals using ransomware attacks. This is the first time I am hearing of a corporation being asked to pay up in bitcoins to avoid an attack on their facilities," said Sunil Abraham, executive director, The Centre for Internet & Society.

A probe has also been started based on the threats against Wipro. "Wipro has filed a complaint with the local law enforcement authorities after receiving a threatening letter from an unidentified source. Wipro has augmented security measures at all its office locations. There is no impact on the company's operations. We have no further comment as the investigation is going on," said a Wipro spokesperson.

Analysts say such threats may hardly impact the operational activities of the company since there are chances that they may turn out to be "hoax". However, a Bengaluru-based analyst said companies should have strong protocol and implement that to thwart any possible attack in future.

Back to Top ⇧

Context and Background

This report appeared during a brief spate of extortion threats targeting major Indian IT companies, with both Wipro and Infosys receiving similar Rs 500 crore demands within a month. The threats combined traditional physical extortion methods—threatening biological weapon attacks via ricin or anthrax—with cryptocurrency payment demands, representing an unusual hybrid of old and emerging criminal tactics. Law enforcement and analysts suggested these incidents could turn out to be hoaxes, given the implausible ransom amounts and the absence of any confirmed biological threat.

Sunil Abraham’s observation that bitcoin demands had previously appeared “in the context of cyber crimes against individuals using ransomware attacks” highlighted how cryptocurrency-enabled extortion had, by 2017, become routine in digital contexts but remained novel for physical threats. Ransomware attacks encrypting victims’ files and demanding bitcoin payment had proliferated since 2013, exploiting cryptocurrency’s pseudonymity and irreversibility. The WannaCry ransomware outbreak would occur just one week after this article’s publication, demonstrating ransomware’s global scale and sophistication.

The perpetrator’s use of ProtonMail—an end-to-end encrypted email service developed in Switzerland following Edward Snowden’s 2013 NSA revelations—reflected growing availability of privacy-enhancing technologies that complicated law enforcement investigations. ProtonMail’s architecture prevented even the service provider from accessing message contents, as cofounder Andy Yen had explained to Business Standard. This meant traditional legal processes like service provider cooperation yielded minimal investigative value, forcing police to rely on metadata analysis, IP address tracing through VPN detection, or behavioral patterns rather than direct message interception.

📄 This page was created on 9 January 2026. You can view its history on GitHub, preview the fileTip: Press Alt+Shift+G, or inspect the .