Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

Qilin ransomware claimed responsibility for the recent attack on the beer giant Asahi that disrupted operations in Japan.

Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing company, known for producing top-selling beers like Asahi Super Dry, as well as soft drinks and other beverages. It operates both domestically and internationally, with a strong presence in Europe and Asia.

At the end of September, the company suspended its operations at the Japanese branch after a cyber attack, other branches were not impacted. The attack halted the company’s ordering and shipping operations, and its call center and customer service desk are unavailable.

On October 3, the company confirmed that it was a victim of a ransomware attack, but did not reveal the name of the group responsible for the security breach.

“Upon detecting the incident, we established an Emergency Response Headquarters to investigate the incident, through which we confirmed that our servers were targeted by a ransomware attack.” announced the company.

Qilin ransomware claimed responsibility for the attack on the Beer giant Asahi and leaked 27GB of stolen data, including employee and financial documents.

The ransomware group stole 9323 files and published 29 photos of the stolen documents on its Tor data leak site. Stolen files included contracts, employee, financial, and business data.

This week the company published an update confirming that stolen data from the attack was found online. The firm is investigating the scope and will notify the affected parties.

“Subsequent investigations have confirmed that data suspected to have been subject to unauthorized transfer as a result of the recent attack has been identified on the internet. We are conducting investigation to determine the nature and scope of the information that may have been subject to unauthorized transfer.” reads the update. “Should the investigation confirm any impact from unauthorized data transfer, notifications will be delivered promptly. This incident has impacted our technology assets in Japan. While investigation is ongoing, there is no indication that other data and systems were affected.”

Asahi said its Japanese subsidiaries have resumed full or partial production, and product shipments are back underway.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)