Monday, 29 June 2020 08:23

Gang uses DoppelPaymer ransomware to attack Mitsubishi Paper site in Germany


Cyber criminals using the DoppelPaymer ransomware that attacks Windows systems have hit Mitsubishi HiTec Paper Europe, a company based in Germany, which is a part of Tokyo-based Mitsubishi Paper Mills.

The German unit produces coated inkjet papers, thermal papers, carbonless papers, label papers and barrier papers, according to its website. The last figure given for annual turnover was €316 million (A$517.3 million) with 81% of its output being exported. There are two units: in Bielefeld in Westphalia and Flensburg in Schleswig-Holstein.

The people behind the attack have posted a list of zipped files that they have exfiltrated during the ransomware attack. A list of the computers used by Mitsubishi HiTec Paper Europe has also been posted on the dark Web.

All the machines run Windows XP Professional, an outdated version of Microsoft's computer operating system.

The company has no contacts listed and the media releases on its site do not give any contact either. Given that, iTWire has contacted the only people whose email addresses are listed - people who handle technical services - to seek comment about the incident.

The last time DoppelPaymer was reported to have been used to stage a big attack was in April this year, when technical documents exfiltrated from Visser Precision, a parts maker for space and defence companies, were leaked on the Web after they were acquired during an attack in March.

Like numerous other ransomware strains, DoppelPaymer is designed to first exfiltrate a victim's data and then encrypt it on the victim's machines. If ransom negotiations do not go in the attackers' favour, the groups start gradually releasing the data that they have exfiltrated.

This process continues and, if there is no sign of any payment coming through, the data is often dumped on hacker forums on the dark Web to be used as the users of those forums see fit. Often, the data is used for phishing, credit card theft etc.

Contacted for comment, Brett Callow, a ransomware researcher from the New Zealand-headquartered security firm Emsisoft, said: "Companies that end up on leak sites are to be applauded. Not for their security (obviously), but because they haven't caved to the criminals' demands and paid the ransom.

"The only way to stop ransomware is to make it unprofitable, and that means companies must stop paying.

"The alternative is the creation of a vicious circle in which the criminals continue to become better resourced and able to ramp up their operations in terms of both scale and sophistication. That would mean more attacks and more effective attacks, more ransom payments, more scaling, and so on."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
