Japan’s Asahi Group expects to restore most of its logistics operations only by February 2026, meaning at least two more months of disruption after the ransomware attack on September 29 crippled systems across ordering, shipping and customer service (inside.beer, 2.10.2025). The company, known for its flagship Asahi Super Dry, reported that the incident may have compromised the data of up to two million people, including 1.52 million customers, 114,000 business contacts and 275,000 current and former employees and family members, according to Reuters and AFP. None of the stolen information has surfaced online so far.
CEO Atsushi Katsuki called the attack “sophisticated and cunning”, confirming that Asahi has had no contact with the perpetrators and would refuse any ransom demand. External cybersecurity analysts pointed to a high likelihood of involvement by the Russian-linked ransomware group Qilin, which publicly suggested responsibility in early October.
While none of Asahi’s 30 domestic factories were directly infected, production had to be halted due to the shutdown of central IT systems. Six breweries resumed operations in early October, but October sales across the company’s key beverage and food businesses fell between 10% and 40% year-on-year. Bars, restaurants and retailers experienced temporary shortages of Asahi beverages, forcing the company to process orders manually.
Electronic ordering systems are expected to be gradually restored from early December, with near-normal logistics projected only by February 2026, resulting in a minimum two-month delay. Asahi noted that recovery must proceed cautiously to ensure the malware does not spread to business partners or clients.
The shutdown has caused extensive delays in financial reporting. Third-quarter earnings, initially due on November 12, were postponed by more than 45 days, and full-year results will be released more than 50 days after the fiscal year ends on December 31, 2025. Despite expected financial deterioration for 2025, Katsuki said the group’s mid- and long-term strategy remains unchanged.
The attack places Asahi among several major global brands targeted by ransomware this year, including Jaguar Land Rover and Marks & Spencer. Experts cited by AFP said such high-profile incidents highlight longstanding underinvestment in cybersecurity across Japanese corporations.
