Asahi Group Holdings, a major Japanese beer and beverage company, suffered a ransomware attack by the Qilin group, disrupting production across its six beer plants in Japan. The attack, first disclosed on September 29, forced a temporary halt in operations, with production resuming only on October 2. Qilin claimed responsibility on October 1, publishing 29 images of allegedly stolen internal documents and asserting the theft of over 9,300 files (27 GB) of data. The group operates a ransomware-as-a-service (RaaS) model, extorting victims for financial gain. The incident remains under investigation, with Asahi declining to confirm the authenticity of the leaked data, extortion demands, or negotiations. Qilin, active since 2022, has a history of high-profile attacks, including the June 2024 breach of Synnovis, a UK diagnostic services provider, which indirectly contributed to a patient’s death in 2025. The Asahi attack highlights the growing threat of ransomware disrupting critical industrial operations, risking financial losses, reputational damage, and operational downtime.
Source: https://www.asahi.com/ajw/articles/16077955
TPRM report: https://www.rankiteo.com/company/asahigroup-holdings
"id": "asa1362013100825",
"linkid": "asahigroup-holdings",
"type": "Ransomware",
"date": "6/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'beverage (beer and non-alcoholic drinks)',
'location': 'Japan',
'name': 'Asahi Group Holdings',
'size': 'large enterprise',
'type': 'public company'}],
'data_breach': {'data_exfiltration': 'yes (claimed by Qilin)',
'number_of_records_exposed': '9,300+ files',
'type_of_data_compromised': ['internal documents',
'corporate files']},
'date_detected': '2024-09-29',
'date_publicly_disclosed': '2024-09-29',
'date_resolved': '2024-10-02',
'description': 'Qilin, a ransomware group, claimed responsibility for a '
"cyberattack on Japan's Asahi Group Holdings, disrupting "
'production at its beer and beverage plants. The group posted '
'29 images of allegedly stolen internal documents and claimed '
'to have exfiltrated over 9,300 files (27 GB). Asahi Breweries '
'restarted production at its six Japanese beer plants on '
'October 2, 2024, after the attack was first disclosed on '
'September 29, 2024. The incident remains under investigation, '
'with no confirmed details on extortion demands or '
'negotiations.',
'impact': {'brand_reputation_impact': 'potential reputational damage due to '
'public disclosure and operational '
'disruption',
'data_compromised': {'type': ['internal documents',
'corporate data'],
'volume': '27 GB (9,300+ files)'},
'downtime': '3 days (from 2024-09-29 to 2024-10-02)',
'operational_impact': 'production halt at all six Japanese beer '
'plants',
'systems_affected': ['beer production plants (6 locations in '
'Japan)']},
'investigation_status': 'ongoing (as of 2024-10-01)',
'motivation': ['financial gain', 'extortion'],
'ransomware': {'data_exfiltration': 'yes (27 GB claimed)',
'ransomware_strain': 'Qilin'},
'references': [{'source': 'Reuters'},
{'source': 'eCrime.ch (cybercrime research platform)'}],
'response': {'communication_strategy': ['public disclosure via spokesperson '
'statement',
'declined to comment on extortion '
'details'],
'incident_response_plan_activated': 'yes (under investigation)',
'remediation_measures': ['restarted production at affected '
'plants']},
'threat_actor': 'Qilin (Ransomware-as-a-Service group)',
'title': 'Qilin Ransomware Attack on Asahi Group Holdings Disrupts Beer '
'Production',
'type': ['ransomware', 'data breach', 'operational disruption']}