Japanese brewing giant Asahi Group Holdings, the manufacturer of Japan's most popular beer Super Dry, suffered a devastating ransomware attack in late September 2025 that forced the company to revert to manual operations using pen, paper, and fax machines. The cyberattack was first disclosed on September 29, when the company announced a system failure that disrupted ordering, shipping, and customer service operations across its 30 domestic breweries in Japan.
The ransomware incident, later claimed by the Qilin hacking group, forced Asahi to temporarily shut down nearly all its Japanese production facilities. The attack crippled the company's online systems, leaving vendors and business owners without access to information as call centers and customer service desks were closed. Asahi was forced to process orders manually using traditional paper-based methods and fax machines to prevent potential beverage shortages across the country.
Initial investigations revealed traces suggesting potential unauthorized data transfer, and the company later confirmed on October 14 that personal information may have been compromised. The Qilin ransomware gang claimed responsibility for the breach, alleging they stole approximately 27 gigabytes of data containing financial documents, budgets, contracts, employee personal information, and company development forecasts. Samples of allegedly stolen data included employee ID cards and other personal documents.
The cyberattack had widespread operational consequences beyond production disruptions. Asahi postponed its quarterly financial results for the third quarter of fiscal year 2025 because the incident disrupted access to accounting-related data and delayed financial closing procedures. Recovery efforts involved collaboration between Asahi's Emergency Response Headquarters, cybersecurity specialists, and Japanese cybercrime authorities.
While all breweries have partially resumed operations and restarted production, computer systems remain non-operational with no clear timeline for full recovery. The company has committed to promptly notifying affected individuals and implementing appropriate measures in accordance with personal data protection laws. This incident highlights Japan's vulnerability to ransomware attacks, as Japanese companies often have weaker cybersecurity defenses compared to other nations and are more likely to pay ransom demands.
