Japan’s brewing industry is facing a new digital crisis. The Qilin ransomware group has claimed responsibility for a cyberattack against Asahi Breweries, one of the world’s largest beverage companies. The attackers confirmed not only operational disruptions but also the theft of sensitive data.
The incident has put the global manufacturing sector on alert, as it demonstrates how ransomware groups combine advanced extortion techniques with increasingly aggressive strategies to pressure victims.
On September 29, 2025, Asahi Breweries, Japan’s largest beer producer, shut down six production plants after a cyberattack crippled its internal systems.
A few days later, on October 3, the company confirmed it was a ransomware attack, a type of malware that locks systems or steals data in exchange for payment.
Initially, no group had claimed responsibility. However, this week Qilin listed Asahi on its data leak site, alleging the theft of 27 GB of data—around 9,300 files, including financial reports, contracts, employee IDs, and internal documents.
Qilin ransomware announcing Asahi (Source: BleepingComputer)
To back their claims, the attackers released 29 screenshots as proof of the stolen data, showing:
The group also claimed the attack caused up to $335 million in losses due to halted production of 30 beer labels.
Asahi, with 30,000 employees and an annual output of 100 million hectoliters, generates over $20 billion in yearly revenue—making this attack a direct blow to the heart of its production infrastructure.
Qilin ransomware, active since 2023, has quickly become one of the most aggressive ransomware gangs worldwide.
The group is cross-platform, capable of attacking both Windows and Linux systems, and has been linked to Scattered Spider and North Korean threat actors.
Its past victims include Nissan, Inotiv, Lee Enterprises, several NHS hospitals in London, and Yangfeng Automotive.
Qilin is known for exploiting critical network vulnerabilities, stealing credentials, and continuously improving its encryptor to bypass traditional defenses.
Their usual approach involves stealing data first and then encrypting systems, allowing them to pressure victims with the threat of public leaks if ransoms are not paid.
Learn more: What Is Ransomware? How to Prevent
Security reports suggest Qilin attempted to negotiate a ransom with Asahi, but after the company refused to pay, the attackers made the data public.
This is typical of modern ransomware operations following a “double extortion” model: first locking systems, then threatening to release stolen information if the ransom isn’t paid.
The leaked materials on Qilin’s site included not only business documents but also ongoing project data, financial reports, and employee records—potentially causing reputational and legal damage.
The attack forced Asahi to halt production in six plants and temporarily suspend distribution processes.
Its flagship product, Asahi Super Dry, was among the most affected, with production paused for several days.
The company has since partially restored operations using a temporary manual ordering system, allowing limited production to resume.
Full restoration of all production lines is expected by October 15, although Asahi admitted that not all systems have been fully recovered.
Due to the attack, the company also postponed several new product launches originally planned for October 2025.
The Asahi incident highlights that ransomware remains one of the most severe threats to large enterprises, especially those with industrial operations.
At TecnetOne, we’ve observed a surge in attacks targeting production chains, a sector particularly vulnerable due to legacy systems and internet-connected industrial networks.
Attackers know that every minute of downtime equals millions in losses, which increases pressure on victims to pay.
Moreover, modern ransomware isn’t just about money—many groups pursue geopolitical or industrial espionage goals, using data leaks as tools of disruption and leverage.
Similar titles: Dark Web Profile of the SafePay Ransomware
This attack offers several key lessons for organizations reliant on critical infrastructure:
To reduce the risk of attacks like Asahi’s, TecnetOne’s cybersecurity experts recommend:
A defense-in-depth strategy—combining technology, process, and security culture—is the most effective protection against ransomware.
The Asahi case confirms that no organization is immune to ransomware, regardless of size or industry.
Groups like Qilin operate with precision, speed, and multiple motivations—financial, political, and strategic.
At TecnetOne, we believe the key to confronting this new era of threats is anticipation, system hardening, and a strong cybersecurity culture.