If you’ve ever thought ransomware was “just an IT issue,” the case of Askul proves otherwise. This attack didn’t just affect servers—it halted operations, disrupted entire logistics chains, and exposed the personal data of over 700,000 individuals. Most importantly, it offers clear lessons for any company that relies on digital systems, automation, and data.
At TecnetOne, we analyze these types of incidents because they starkly illustrate how a poorly managed breach can become an operational, reputational, and legal crisis all at once.
Who Is Askul and Why This Attack Matters
Askul is one of Japan’s leading e-commerce and logistics companies. It is widely known for supplying office products, stationery, IT equipment, and consumables to both businesses and individual consumers. Askul is also part of the LOHACO / Yahoo Japan ecosystem, amplifying its market presence.
This is a highly automated company, operating advanced fulfillment centers with minimal friction. That’s precisely why the impact of the attack was so severe.
How the Ransomware Attack Began
Askul detected the attack on October 19, 2025. By then, the attackers had already gained something critical: access to internal infrastructure using stolen credentials.
This detail is key. It wasn’t a sophisticated zero-day exploit but something far more common—and dangerous: valid credentials that had been compromised. From there, attackers:
- Accessed the corporate network
- Conducted internal reconnaissance
- Stole additional credentials
- Moved laterally across systems
- Disabled security mechanisms
- Deleted backups
- Finally, deployed ransomware
This pattern is unfortunately familiar and shows how a single compromised account can bring down an entire organization.
Operational Impact: When Everything Stops
The ransomware didn’t just encrypt data—it caused massive disruptions to orders, shipments, and automated logistics systems. It took until early December—almost a month and a half—for services to gradually return to normal.
For an e-commerce and logistics company, that’s an eternity.
Here’s a critical lesson: modern ransomware doesn’t just encrypt—it paralyzes your business. If you can’t sell, ship, or invoice, the pressure to pay skyrockets.
RansomHouse and the Data Leak
The ransomware group RansomHouse claimed responsibility for the attack. According to them, they stole around 1 TB of sensitive data.
After what appears to have been a failed negotiation or Askul’s refusal to pay, the group began leaking data in November and December. So far, they have released three “evidence packages” containing stolen information.
This is the classic double-extortion model: first they encrypt your systems, then they threaten to publish stolen data.
What Data Was Compromised
Askul confirmed that the incident affected customers, partners, and internal personnel. The numbers are staggering:
- Business customers: ~590,000 records
- Individual consumers: ~132,000 records
- Partners (suppliers, agents, distributors): ~15,000 records
- Employees and executives (including group companies): ~2,700 records
Although Askul clarified that LOHACO’s payment system doesn’t store credit card data, the amount of personal information compromised is significant. Names, contact info, company data, and potentially more are now outside the company’s control.
Askul’s Official Response
Askul reported the incident to Japan’s Personal Information Protection Commission and notified affected customers and partners individually. They also implemented long-term monitoring and announced additional measures as the investigation progresses.
CEO Akira Yoshioka acknowledged the seriousness of the incident, stating it caused major disruption and that the company had mobilized all resources to contain the damage and restore services.
He also announced a comprehensive review of the company’s Business Continuity Plan (BCP)—something many organizations only do after a real crisis.
A Concerning Pattern in Japan
Askul’s case isn’t isolated. Just a month earlier, Asahi, another Japanese company, suffered a ransomware attack affecting nearly 2 million customers and employees and causing major operational disruptions.
This shows a clear trend: large Japanese companies—especially those with critical operations, advanced automation, and vast data volumes—are becoming top ransomware targets.
Lessons You Can’t Ignore
At TecnetOne, we believe this case highlights several lessons applicable to companies of all sizes and industries:
- Credentials remain the Achilles’ heel
  The attackers used stolen credentials. Without strong identity management, MFA, and monitoring, you’re always at risk.
- Backups must be untouchable
  Deleting backups is one of the first things attackers do. Backups must be isolated, tested, and protected.
- Automation increases impact
  The more automated your operations, the more damage when they stop. Resilience must scale with efficiency.
- The continuity plan can’t sit on a shelf
  A BCP without real testing is just a document. Real-world attacks are the ultimate test—and they rarely give warnings.
- Transparency is no longer optional
  With public leaks, regulators, and social pressure, companies must communicate fast and clearly. Hiding or downplaying only worsens the damage.
A Necessary but Uncomfortable Truth
The Askul attack proves that no company is safe due to size, reputation, or automation. Ransomware doesn’t discriminate—it targets organizations where impact is maximized.
What’s clear is this: cybersecurity is no longer a technical issue—it’s a business continuity issue. And each incident like this reinforces an uncomfortable truth: preparation is costly, but not preparing is even more expensive.
At TecnetOne, we analyze cases like this not to assign blame, but to help others learn before it’s too late. Because when ransomware comes knocking, there’s no room left for improvisation.

