Japan’s biggest brewery announced on Monday they have restarted beer production at some of its plants, but their digital systems remain crippled after a cyberattack, forcing staff to process orders by hand, over the phone, and even by fax.
As Japan scrambles to avert shortages of its best-known lager, the Asahi Super Dry, the brewer said it had restarted production at six domestic breweries on Thursday. A ransomware attack that was first disclosed on 29 September paralysed its IT systems and shut down much of its logistics and customer services operation.
As a result, the company postponed the planned launch of 12 new Asahi products, including fruit soda, lemon-flavoured ginger ale and protein bars, indefinitely.
In its official statement on 3 October, the company confirmed “traces suggesting a potential unauthorised transfer of data” but declined to disclose full details, citing the ongoing investigation.
The company said it had notified law-enforcement authorities and that no customer data had been compromised in the attack.
Its overseas operations, including its ownership of UK brewer Fuller’s and brands such as Peroni, Pilsner Urquell, and Grolsch, remain unaffected. However, only Asahi’s operations in Japan, which account for about half its sales, have been affected by the attack.
Asahi is prioritising shipments of its flagship brands like Super Dry, but other beer lines, soft drinks, and food products remain in partial suspension. The Tokyo-based brewer said call centres and customer service desks may begin gradual restoration during this week, though it cannot estimate when the full system will be revived.
They added that from 15 October it would resume shipments of more than a dozen products, including its non-alcoholic beers Asahi Dry Zero and Asahi Zero, as well as Clear Asahi and whiskey Black Nikka Clear.
Retailers, convenience stores, and small bars across Japan are already showing signs of strain. Some branches of popular convenience stores Seven & I Holdings, Lawson, FamilyMart, and independent bars warn that their stocks of Super Dry could run dry in days.
One yakitori restaurant in Tokyo, which normally serves Asahi on tap, told Reuters it was down to its last keg and had begun sourcing rival brands.
The Marugen ramen chain operator Monogatari Corp has said it may switch to carrying Suntory or other beers should Asahi inventories run dry, according to Bloomberg. Similarly Kisoji Co, a shabu-shabu restaurant chain, said it was considering moving to other brands, but is also working with liquor distributors to secure stock.
“The fact that a big company like this is taking so long to recover shows their preparation was inadequate,” Nobuo Miwa, representative director at security firm S&J Corp, told Bloomberg. “This should’ve been anticipated and planned for.”
In the absence of functioning logistics systems, Asahi has reverted to manual processing; employees are taking orders by telephone, writing them out by hand, or even visiting clients, and relaying shipment instructions via fax.
In estimates from analyst firm Bernstein, if the outage extends into the rest of October, Asahi’s domestic operating profit could shrink sharply, taking an 83 per cent hit domestically, according to The Japan Times. The company’s share price had tumbled more than 7 per cent earlier in the week, before recovering modestly.
CEO Atsushi Katsuki has assured stakeholders that restoring supply is “top priority” and that all available resources, including external cybersecurity firms and law enforcement investigators, have been engaged.
The company has maintained that its overseas operations, including its European operations, remain unaffected by the incident.
Asahi’s Japanese operations produced roughly the equivalent of 6.7 million 600ml bottles of Super Dry per day, according to a calculation by the Financial Times.
Cyber security experts at the Tokyo-based group Nihon Cyber Defence told The Financial Times that Japanese companies are increasingly seen as attractive targets for ransomware attackers because of their poor defences and the fact that many companies simply paid the demanded sum through back channels.
There were 116 reported ransomware incidents in Japan in the first half of 2025, matching the prior six-month high set in late 2022, according to data from the National Police Agency.
In an assessment report last year, Asahi listed a cyberattack as one of the main risks it faced.
Such an incident could potentially lead to an interruption in business operations and even damage its brand, it said, adding that the company was preparing to respond to such a development in a number of ways.
The cyberattack on Asahi comes amid a spate of similar breaches at automakers, retailers and other companies across the world this year.
Jaguar Land Rover Automotive Plc said on Monday it expected to restart operations “in the coming days” after a ransomware attack forced a shutdown of its plants in the UK, Slovakia, India, and Brazil in early September.
Earlier this year, hackers targeted Britain’s retail sector, disrupting Marks & Spencer, supermarket chain Co-op, and luxury department store Harrods.
Who is Sanae Takaichi? Japan’s ‘Iron Lady’ poised to be first woman prime minister
Bear cub injures Spanish tourist at Japan heritage village
Anti-foreigner sentiments are on the rise across Japan. Politicians have noticed
Japan’s next leader may be its first woman as LDP seeks change
Brewing giant suspends Japan operations after cyberattack
Number of injuries among tourists up as Nara deer population hits record levels
