The Germany unit produces oated inkjet papers, thermal papers, carbonless papers, label papers and barrier papers, according to its website. The last figure given for annual turnover was €316 million (A$517.3 million) with 81% of its output being exported. There are two units: in Bielefeld in Westphalia and Flensburg in Schleswig Holstein.
The people behind the attack have posted a list of zipped files that they have exfiltrated during the ransomware attack. A list of the computers used by Mitsubishi HiTec Paper Europe has also been posted on the dark Web.
All the machines run Windows XP Professional, an outdated version of Microsoft's computer operating system.
The last time DoppelPaymer was reported to have been used to stage a big attack was in April this year when technical documents exfiltrated from Visser Precision, a parts maker for space and defence companies, was leaked on the Web, after they were acquired during an attack in March.
Like numerous other ransomware, DoppelPaymer is designed to first exfiltrate a victim's data and then encrypt it on the victim's machines. If negotiations for a ransom do not go in their favour, then the groups start gradually releasing data that they have exfiltrated.
This process continues and if there is no sight of any payment coming through, then the data is often dumped on hacker forums on the dark Web to be used as the users of those forums see fit. Often, the data is used for phishing, credit card theft etc.
Contacted for comment, Brett Callow, a ransomware researcher from the New Zealand-headquartered security firm Emsisoft said: "Companies that end up on leak sites are to be applauded. Not for their security (obviously), but because they haven't caved to the criminals' demands and paid the ransom.
"The only way to stop ransomware is to make it unprofitable, and that means companies must stop paying.
"The alternative is the creation of a vicious circle in which the criminals continue to become better resourced and able to ramp up their operations in terms of both scale and sophistication. That would mean more attacks and more effective attacks, more ransom payments, more scaling, and so on."