Asahi Blames Ransomware for Crippling Japanese Beer Plants

Asahi Group Holdings Ltd. revealed for the first time that cyber-attackers employed ransomware to bring its domestic factories to a standstill, shedding more light on an online breach that’s raised questions about the country’s online-security preparedness.

The maker of Japan’s most popular brew warned that the perpetrators may have made off with data, though it’s investigating the extent of the infiltration. Asahi has succeeded in isolating the system they attacked, and begun taking orders and commenced some shipments manually, it said in a statement. But it couldn’t gauge when full operations will resume.

The attack on Asahi this week has dominated headlines in Japan and raised concerns retailers will soon run out of “Super Dry” — the country’s top seller. Seven & i Holdings Co. warned customers of possible shortages. Convenience-store chains Lawson Inc. and Familymart Co., whose outlets are ubiquitous across the country, warned that Asahi products including food might become scarce starting Friday.

The disruption underscores Japan’s vulnerability to hacks, which have proliferated globally with the adoption of online storage and networking. It’s of keen concern in a country with extensive digital supply chains that link factory floors to the convenience stores that fuel daily life.

“The fact that a big company like this is taking so long to recover shows their preparation was inadequate,” said Nobuo Miwa, representative director at security firm S&J Corp. “This should’ve been anticipated and planned for.”

Asahi halted production at most of its 30 factories in Japan after the cyberattack hobbled its ordering and delivery system. The company, which also makes Nikka Whisky, said group companies have suspended order processing, shipping and call center functions. On Friday, it said it still can’t tell when it can get systems back online.

“We are investigating the content and scope of any possible information leak,” Atsushi Katsuki, president and group CEO, said in the statement. “We are doing our utmost to achieve recovery at the earliest possible date, while prioritizing product supply to our customers and finding alternative means to fulfill orders.”

The time it’s taking is weighing on Asahi’s shares, which are down around 7% this week. Asahi competes with Kirin Holdings Co. and Suntory Beverage & Food Ltd. in a cut-throat and saturated Japanese market.

The incident is a wakeup call on how even big companies get hacked, said David Suzuki, founder of consulting firm Kikutora Special Risks. If Asahi beer were to disappear from shelves, that would raise awareness about cybersecurity in a country where cyber-literacy remains low and small-to-medium-sized businesses make up the vast majority of companies.

“It’s not life-threatening,” Suzuki said. “But it actually makes the average consumer — the average person on the street — realize that ‘Oh, this can actually affect me.'”

There were 116 reported ransomware cases in Japan in the first half of 2025, matching the six-month record set in the second half of 2022, according to the National Police Agency.

Most soft drinks at 7-Eleven stores are supplied from dedicated inventory hubs, so the immediate impact is limited, a Seven & i representative said. But in places such as an e-commerce site run by Aeon supermarket, sales of Asahi Beer and Asahi Soft Drink products have been temporarily suspended.

Marugen Ramen chain operator Monogatari Corp. said it may switch to Suntory or other beer brands if Asahi inventory runs out. Kisoji Co., a shabu-shabu restaurant chain, is also considering a switch to Suntory or Kirin, although it’s now working with liquor wholesalers to secure stock.

Top photo: An Asahi brewery in Moriya, Ibaraki Prefecture, Japan.