In September 2025, Japan’s largest brewery, **Asahi Group Holdings**, fell victim to a **Qilin ransomware attack** that crippled its entire digital infrastructure over a weekend. By Monday, all **30 factories shut down**, halting production of flagship products like **Super Dry beer**. The attack locked every computer system, forcing employees to revert to **manual processes**—taking orders by phone, handwriting shipment instructions, and relying on **fax machines** to communicate with warehouses and distributors. Analysts projected an **83% domestic profit loss** if the outage persisted. While six breweries gradually restarted in early October, many systems remained unrecovered weeks later, with operations running primarily on **paper and fax**. The incident exposed critical vulnerabilities in digital dependency, as the company spent weeks rebuilding IT infrastructure from scratch while struggling to meet market demand and avoid reputational damage.
Source: https://www.openpr.com/news/4214482/when-ransomware-hit-in-2025-japan-s-biggest-brewery-survived
TPRM report: https://www.rankiteo.com/company/asahigroup-holdings
"id": "asa3192031100825",
"linkid": "asahigroup-holdings",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': ['Retailers (e.g., convenience '
'stores)',
'Distributors',
'End consumers (potential beer '
'shortages)'],
'industry': ['Beverage', 'Brewery', 'Food & Beverage'],
'location': ['Japan (HQ in Tokyo)',
'Global operations'],
'name': 'Asahi Group Holdings',
'size': 'Large (30+ factories, multinational)',
'type': 'Public Company'}],
'attack_vector': ['Malicious File Download (likely phishing or compromised '
'link)',
'Network Encryption'],
'customer_advisories': ['Notifications about order delays',
'Potential product shortages (e.g., Super Dry beer)'],
'data_breach': {'data_encryption': 'Yes (ransomware encrypted all computer '
'systems)'},
'date_detected': '2025-09-01T00:00:00Z',
'date_publicly_disclosed': '2025-10-04T00:00:00Z',
'description': "In September 2025, Japan's largest brewery, Asahi Group "
'Holdings, was crippled by a ransomware attack from the Qilin '
'group. The attack locked all computer systems, shutting down '
'30 factories and forcing the company to revert to manual '
'processes, including fax machines and paper orders, for '
'weeks. The incident caused significant operational '
'disruptions, with an estimated 83% domestic profit hit if the '
'outage persisted. Asahi gradually restored six breweries by '
'early October, but many systems remained unrecovered. The '
'attack highlighted the unintended resilience of analog '
'systems like fax machines, which remained operational due to '
'their separation from compromised digital networks.',
'impact': {'brand_reputation_impact': ['High (publicized operational '
'collapse)',
'Media coverage of analog fallback '
'(fax/paper)'],
'customer_complaints': ['Potential Super Dry beer shortages '
'reported by convenience stores'],
'downtime': ['Weeks (partial recovery by early October 2025)',
'37+ days for full system restoration (estimated)'],
'operational_impact': ['Complete shutdown of digital operations',
'Manual order processing (paper/fax)',
'In-person order collection',
'Gradual restart of 6 breweries by early '
'October',
'83% potential domestic profit loss if '
'outage continued'],
'systems_affected': ['All computer systems',
'30 factories',
'Digital order processing',
'Supply chain management']},
'initial_access_broker': {'high_value_targets': ['Computer systems',
'Factory operations',
'Supply chain management']},
'investigation_status': 'Ongoing (as of October 2025)',
'lessons_learned': ['Unintended resilience of analog systems (e.g., fax '
'machines) during cyberattacks',
'Importance of maintaining fallback operational protocols',
'Vulnerability of digital-only workflows to ransomware '
'disruptions',
'Need for robust incident response plans to accelerate '
'recovery'],
'motivation': 'Financial Gain (Ransom Demand)',
'post_incident_analysis': {'corrective_actions': ['System rebuild from '
'scratch',
'Partial restoration of '
'brewery operations (6/30 '
'factories by early '
'October)',
'Continued reliance on '
'analog systems (fax/paper) '
'during recovery'],
'root_causes': ['Likely initial access via '
'phishing or malicious file '
'download',
'Lack of network segmentation to '
'contain ransomware spread',
'Over-reliance on digital systems '
'without tested manual fallbacks']},
'ransomware': {'data_encryption': 'Yes (all computer systems locked)',
'ransomware_strain': 'Qilin'},
'recommendations': ['Implement hybrid (digital + analog) backup systems for '
'critical operations',
'Enhance employee training on phishing/malicious file '
'risks',
'Develop and test manual fallback procedures for cyber '
'incident scenarios',
'Invest in network segmentation to limit ransomware '
'spread',
'Evaluate legacy system retention as a potential '
'resilience measure'],
'references': [{'date_accessed': '2025-10-08', 'source': 'Bloomberg'},
{'date_accessed': '2025-10-04', 'source': 'The Japan Times'},
{'source': 'PayPerFax Research Compilation',
'url': 'https://payperfax.com'},
{'source': 'ABNewswire',
'url': 'https://www.abnewswire.com/email_contact_us.php?pr=when-ransomware-hit-in-2025-japans-biggest-brewery-survived-on-fax-machines'}],
'response': {'communication_strategy': ['Public disclosure via media (e.g., '
'The Japan Times)',
'Customer advisories on potential '
'shortages'],
'containment_measures': ['Isolation of infected systems',
'Disconnection of digital networks'],
'incident_response_plan_activated': 'Yes (IT teams engaged in '
'system rebuild)',
'recovery_measures': ['Rebuilding digital infrastructure from '
'scratch',
'Partial restart of 6 breweries by early '
'October 2025'],
'remediation_measures': ['Manual order processing (fax/paper)',
'In-person order collection',
'Gradual system restoration']},
'stakeholder_advisories': ['Public statements on operational status',
'Warnings to retailers/customers about potential '
'shortages'],
'threat_actor': 'Qilin Ransomware Group',
'title': 'Qilin Ransomware Attack on Asahi Group Holdings (2025)',
'type': ['Ransomware', 'Cyber Attack', 'Operational Disruption']}