A ransomware attack on Asahi Group, Japan’s premier beer manufacturer, has forced widespread production halts and exposed critical cybersecurity gaps, raising alarms about the preparedness of Japanese businesses against digital threats.
The cyberattack, which occurred last week, targeted Asahi’s operational systems, crippling order placement and shipping processes and necessitating the shutdown of most of its 30 factories across Japan. This disruption led to noticeable shortages of popular Asahi products, including its flagship Super Dry beer, in convenience stores throughout the country. By Tuesday, the Qilin ransomware group, known for its global cyber incursions, claimed responsibility for the breach, asserting it had exfiltrated approximately 27 gigabytes of corporate data.
In response, Asahi has gradually resumed operations at all six of its alcohol production facilities, though full restoration of production and distribution capabilities remains uncertain. The company is investigating the potential unauthorized data transfer, while cybersecurity firms have verified Qilin’s claims, noting the publication of stolen information such as budgets, contracts, and personal details on the group’s website.
Cybersecurity experts emphasize that this incident underscores the vulnerabilities and lack of readiness among Japanese corporations, particularly concerning ransomware attacks where hackers encrypt systems and demand ransoms for access restoration. While Japan is a leader in robotics and high-tech industries, it faces an acute shortage of cybersecurity professionals and lower digital literacy rates, especially among its aging population.
Data from Japan’s National Police Agency reveals 116 ransomware attacks on companies and individuals in the first half of 2025, with recovery costs exceeding $66,000 in 59% of cases, up from 50% in 2024. However, experts like Cartan McLaughlin of Nihon Cyber Defense suggest the actual number of attacks could be ten times higher due to underreporting, highlighting a pervasive issue.
The Asahi hack is the fourth cyber operation by Qilin against Japanese companies since June, according to tech research site Comparitech. Qilin, emerging in 2022, has claimed over 100 confirmed ransomware attacks this year alone, indicating a growing threat landscape. This pattern mirrors global trends, such as the recent attack on Jaguar Land Rover that caused estimated losses of $2.7 billion and prolonged factory closures.
In light of these developments, the Japanese government is bolstering its cyber defenses. Chief Cabinet Secretary Yoshimasa Hayashi announced efforts to strengthen cybersecurity measures nationwide, warning that system failures from such attacks could endanger public safety. This follows the passage of a new cybersecurity law in May and the establishment of the National Cybersecurity Office in July, aimed at enhancing the country’s resilience.
Looking ahead, experts like Masaki Hiraoka of Blackpanda stress that cyber incidents are becoming inevitable, necessitating a shift from mere prevention to effective response and recovery strategies. The rapid advancement of artificial intelligence is enabling threat actors to automate and localize attacks more efficiently, making robust preparedness essential. As Asahi works to normalize its operations, the event serves as a stark reminder for businesses to prioritize cybersecurity investments and incident response planning to mitigate future disruptions.