Japan could be days away from running out of Asahi Super Dry as the country’s largest brewer struggles to restart production following a ransomware attack that has forced its breweries offline since September 29.
While no claims of responsibility for the attack have been made, all 30 of Asahi’s factories in Japan remain shut since Monday, halting transactions and deliveries of its flagship lager and nonalcoholic beverages. According to local media, several convenience stores in the country are running low on stockpiles. Asahi has resorted to manual processing to keep orders moving, but as of publication, there is no indication that systems are up.
The brewer stated on October 3 that it has established an Emergency Response Headquarters after detecting the incident in which its servers “were targeted by a ransomware attack.” The company added: “To prevent further damage, we are withholding specific details regarding the cyberattack.”
Asahi said it took “immediate action to contain and respond to the incident,” prioritising the safeguarding of critical data, including personal information of customers and business partners. The company said affected systems were promptly isolated “to minimise the impact.”
Subsequent investigations have found “traces suggesting a potential unauthorised transfer of data,” though Asahi said it is still working to determine “the nature and scope of the information that may have been subject to unauthorised transfer.”
Operations across Asahi’s domestic businesses, including order placement and product shipment, remain affected. “Additionally, we are currently unable to receive email communications from external sources,” the company said. While system-based order and shipment processes remain suspended, Asahi said it has “begun partial manual order processing and shipment” to prioritise product supply.
The company is also preparing to “partially and gradually resume call centre operations, including customer service desks” during the week of October 6.
TBS News reported that the company is using paper and fax machines to process orders. Asahi has not commented on potential shortages or on the level of stock held by retailers. The brewer produces the equivalent of 6.7 million large bottles of beer per day in Japan, according to Financial Times calculations.
Group President and CEO Atsushi Katsuki issued an apology: “I would like to sincerely apologise for any difficulties caused to our stakeholders by the recent system disruption. We are continuing our investigation to determine the nature and scope of the potential unauthorised data transfer. We are making every effort to restore the system as quickly as possible, while implementing alternative measures to ensure continued product supply to our customers. We appreciate your understanding and support.”
According to Asahi, the disruption is limited to Japan. The company is working with external cybersecurity experts to restore systems, but has not provided a timeline for recovery. The brewer added that the potential impact on financial results for the fiscal year ending December 2025 “is currently under review.”
Campaign Asia-Pacific reached out to the beer giant but did not hear back at the time of publication.
Rising toll of ransomware attacks
Ransomware attacks are increasingly disrupting businesses in Japan and beyond, often for weeks at a time and at enormous cost.
Earlier this year, Japan’s National Police Agency (NPA) said around 200 cyberattacks targeted organisations, including the foreign and defence ministries and the semiconductor industry, between 2019 and 2024. Just a day later, security firm Trend Micro reported that at least 46 Japanese entities were hit in the two weeks after December 26, which disrupted banking services and even caused flight delays at Japan Airlines.
A September 2024 survey by Trend Micro found that ransomware-related shutdowns at Japanese companies lasted an average of 10 days; 5.1% of respondents said operations were halted for over a month.
The financial toll from such episodes varies with the length of recovery. In the first half of this year, 59% of companies and organisations under such attacks reported spending at least ¥10 million on investigating and recovering from ransomware attacks—a nine percentage points uptick compared with the full-year figure for 2024. Among cases where recovery took two months or longer, nearly a third of companies (30%) said costs topped ¥100 million.
In April 2024, Japanese optics giant Hoya faced a cyberattack that disrupted operations for over three weeks, leaving some eyeglass brands missing from major retail shelves. The company reported a 40% drop in profits for its eyeglasses business in the April-June quarter.
In June, publisher Kadokawa was hit, shutting down its Niconico Douga video-sharing site and book shipping systems. The attack cost the company 2.4 billion yen ($16.3 million) in extraordinary losses for the fiscal year ending last March.
Outside Japan, Jaguar Land Rover had to stop production in the U.K. for over a month due to a cyberattack in August. The British government stepped in with 1.5 billion pounds ($2 billion) in loan guarantees.
AloJapan.com