The Asahi Ransomware Attack: A Wake-Up Call for Global Manufacturers

In late September 2025, Japan’s largest brewer, Asahi Group Holdings, became the latest high-profile victim of a ransomware attack that sent shockwaves through the beverage industry and beyond. The attack, claimed by the Russia-based Qilin ransomware group, disrupted operations across Asahi’s domestic facilities and exposed sensitive corporate data, highlighting the growing threat of cybercrime to critical supply chains.

What Happened?

On September 29, Asahi disclosed a cyberattack that led to a system failure, forcing the company to halt order processing, shipments, and customer service operations in Japan. The attack was later confirmed to be ransomware-related, with the Qilin group claiming responsibility and alleging the theft of 27 GB of data, including:

• Employee personal information

• Financial records

• Contracts and forecasts

• Over 9,000 internal files

Operational Impact

The attack had immediate and severe consequences:

• Production halted at most of Asahi’s 30 domestic factories.

• Beer shortages loomed, especially for popular brands like Asahi Super Dry.

• Manual order processing was implemented using pen, paper, and fax machines.

• Call centre's and email systems were taken offline.

• A new product launch was postponed indefinitely.

Although Asahi resumed production at six breweries by early October, full recovery remains uncertain. The company has yet to confirm whether it will pay a ransom or negotiate with the attackers.

Data Breach Concerns

Asahi acknowledged that unauthorised data transfer had occurred and that some of the stolen data had been published online. The company is investigating whether personal information was compromised and has pledged to notify affected individuals if necessary.

Who Is Qilin?

The Qilin ransomware group operates a Ransomware-as-a-Service (RaaS) model, allowing affiliates to launch attacks using its malware. In 2025 alone, Qilin has claimed over 578 attacks, with 105 confirmed by victims. The group is known for targeting large organisations and critical infrastructure globally.

Why It Matters

This attack underscores the real-world consequences of cybercrime:

• Supply chain disruptions directly impacted consumers and retailers.

• Financial uncertainty looms, with Asahi delaying its Q3 earnings report.

• Cybersecurity vulnerabilities in manufacturing systems are now in the spotlight.

Asahi’s incident is the 19th confirmed ransomware attack on a food and beverage manufacturer in 2025, reflecting a troubling trend.

Looking Ahead

Asahi continues to work with cybersecurity experts to restore its systems and assess the full scope of the breach. The attack serves as a stark reminder for businesses worldwide to strengthen their cyber defences, especially those in critical industries.