Asahi Refuses to Negotiate After 'Sophisticated' Ransomware Attack That May Have Exposed About 2 Million

Japanese brewer Asahi has confirmed it has not been contacted by the perpetrators of a ransomware attack first disclosed on September 29, which may have exposed identity data for roughly two million people including customers, employees and their families.

Chief Executive Atsushi Katsuki told reporters, "We have not been in touch with the attacker." He added that even if the company had received a ransom demand, it would not have paid one. Asahi described the incident as "sophisticated and cunning" and said the scale of the breach exceeded its expectations.

Impact on operations and finances

The attack forced Asahi to delay the release of third-quarter earnings and later postpone full-year financial results while investigators assess the extent of the damage. Although output at the brewer's 30 domestic factories was not directly affected by the IT outage, production was temporarily halted because of the company-wide systems failure.

Shipments are resuming in stages as systems are recovered. Asahi said electronic ordering systems will begin to be restored from early December, with an aim to return to near-normal operations by February. In the interim the company has resumed production at several breweries and processed some orders manually to prevent widespread shortages.

Data exposure and attack attribution

Asahi warned the intruders may have accessed or stolen identity-related information such as names and phone numbers for about two million people. The company declined to publicly identify the attacker or explain the exact technical method used to breach its systems. Japanese media have reported that a hacker group known as Qilin—believed to operate from Russia—issued a statement that has been interpreted as a claim of responsibility.

"We thought we had taken full and necessary measures (to prevent such an attack)," Katsuki said. "But this attack was beyond our imagination. It was a sophisticated and cunning attack."

Wider context and expert reaction

Similar high-profile incidents have disrupted other global brands. Jaguar Land Rover sought emergency funding after a cyberattack halted production at British plants, and a ransomware attack on a delivery partner led a major Japanese retailer to suspend its domestic online shopping service.

Renata Naurzalieva, director of Japan operations at consultancy Intralink, warned that many Japanese companies remain complacent about cybersecurity and urged stronger investment. "When companies assess cyber spending they often try to justify it by return on investment," she said. "But the question should be: can it protect my assets and network data?"

Asahi said it is proceeding cautiously to prevent the infection from spreading to partners and clients and that further information on how the hack affects corporate performance will be disclosed once systems are restored and relevant data is confirmed.