Asahi Group Holdings, a major Japanese beer and beverage company, suffered a ransomware attack by the Qilin group, disrupting production across its six beer plants in Japan. The attack, first disclosed on **September 29**, forced a temporary halt in operations, with production resuming only on **October 2**. Qilin claimed responsibility on **October 1**, publishing **29 images** of allegedly stolen internal documents and asserting the theft of **over 9,300 files (27 GB)** of data. The group operates a **ransomware-as-a-service (RaaS)** model, extorting victims for financial gain. The incident remains under investigation, with Asahi declining to confirm the authenticity of the leaked data, extortion demands, or negotiations. Qilin, active since **2022**, has a history of high-profile attacks, including the **June 2024 breach of Synnovis**, a UK diagnostic services provider, which indirectly contributed to a patient’s death in **2025**. The Asahi attack highlights the growing threat of ransomware disrupting critical industrial operations, risking financial losses, reputational damage, and operational downtime.
Source: https://www.asahi.com/ajw/articles/16077955
TPRM report: https://www.rankiteo.com/company/asahigroup-holdings
"id": "asa1362013100825",
"linkid": "asahigroup-holdings",
"type": "Ransomware",
"date": "6/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'beverage (beer and non-alcoholic drinks)',
'location': 'Japan',
'name': 'Asahi Group Holdings',
'size': 'large enterprise',
'type': 'public company'}],
'data_breach': {'data_exfiltration': 'yes (claimed by Qilin)',
'number_of_records_exposed': '9,300+ files',
'type_of_data_compromised': ['internal documents',
'corporate files']},
'date_detected': '2024-09-29',
'date_publicly_disclosed': '2024-09-29',
'date_resolved': '2024-10-02',
'description': 'Qilin, a ransomware group, claimed responsibility for a '
"cyberattack on Japan's Asahi Group Holdings, disrupting "
'production at its beer and beverage plants. The group posted '
'29 images of allegedly stolen internal documents and claimed '
'to have exfiltrated over 9,300 files (27 GB). Asahi Breweries '
'restarted production at its six Japanese beer plants on '
'October 2, 2024, after the attack was first disclosed on '
'September 29, 2024. The incident remains under investigation, '
'with no confirmed details on extortion demands or '
'negotiations.',
'impact': {'brand_reputation_impact': 'potential reputational damage due to '
'public disclosure and operational '
'disruption',
'data_compromised': {'type': ['internal documents',
'corporate data'],
'volume': '27 GB (9,300+ files)'},
'downtime': '3 days (from 2024-09-29 to 2024-10-02)',
'operational_impact': 'production halt at all six Japanese beer '
'plants',
'systems_affected': ['beer production plants (6 locations in '
'Japan)']},
'investigation_status': 'ongoing (as of 2024-10-01)',
'motivation': ['financial gain', 'extortion'],
'ransomware': {'data_exfiltration': 'yes (27 GB claimed)',
'ransomware_strain': 'Qilin'},
'references': [{'source': 'Reuters'},
{'source': 'eCrime.ch (cybercrime research platform)'}],
'response': {'communication_strategy': ['public disclosure via spokesperson '
'statement',
'declined to comment on extortion '
'details'],
'incident_response_plan_activated': 'yes (under investigation)',
'remediation_measures': ['restarted production at affected '
'plants']},
'threat_actor': 'Qilin (Ransomware-as-a-Service group)',
'title': 'Qilin Ransomware Attack on Asahi Group Holdings Disrupts Beer '
'Production',
'type': ['ransomware', 'data breach', 'operational disruption']}