Monday, 29 June 2020 08:23

Gang uses DoppelPaymer ransomware to attack Mitsubishi Paper site in Germany

Screenshot taken from Mitsubishi HiTec Paper Europe website.

Cyber criminals using the DoppelPaymer ransomware that attacks Windows systems have hit Mitsubishi HiTec Paper Europe, a company based in Germany, which is a part of Tokyo-based Mitsubishi Paper Mills.

The German unit produces coated inkjet papers, thermal papers, carbonless papers, label papers and barrier papers, according to its website. The last figure given for annual turnover was €316 million (A$517.3 million) with 81% of its output being exported. There are two units: in Bielefeld in Westphalia and Flensburg in Schleswig-Holstein.

The people behind the attack have posted a list of zipped files that they have exfiltrated during the ransomware attack. A list of the computers used by Mitsubishi HiTec Paper Europe has also been posted on the dark Web.

All the machines run Windows XP Professional, an outdated version of Microsoft's computer operating system.

The company has no contacts listed and the media releases on its site do not give any contact either. Given that, iTWire has contacted the only people whose email addresses are listed - people who handle technical services - to seek comment about the incident.

The last time DoppelPaymer was reported to have been used to stage a big attack was in April this year when technical documents exfiltrated from Visser Precision, a parts maker for space and defence companies, were leaked on the Web, after they were acquired during an attack in March.

Like numerous other ransomware, DoppelPaymer is designed to first exfiltrate a victim's data and then encrypt it on the victim's machines. If negotiations for a ransom do not go in their favour, then the groups start gradually releasing data that they have exfiltrated.

This process continues and if there is no sign of any payment coming through, then the data is often dumped on hacker forums on the dark Web to be used as the users of those forums see fit. Often, the data is used for phishing, credit card theft etc.

Contacted for comment, Brett Callow, a ransomware researcher from the New Zealand-headquartered security firm Emsisoft said: "Companies that end up on leak sites are to be applauded. Not for their security (obviously), but because they haven't caved to the criminals' demands and paid the ransom.

"The only way to stop ransomware is to make it unprofitable, and that means companies must stop paying.

"The alternative is the creation of a vicious circle in which the criminals continue to become better resourced and able to ramp up their operations in terms of both scale and sophistication. That would mean more attacks and more effective attacks, more ransom payments, more scaling, and so on."




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


