A cohort of Russian-speaking hackers known as Qilin has claimed responsibility for a ransomware attack that hobbled Asahi Group Holdings Ltd’s operations for more than a week.

The group stole roughly 27 gigabytes of data from Japan’s biggest beer brewer including financial documents, contracts, development forecasts and employees’ information, Qilin said on its website. Bloomberg was unable to verify the authenticity of the claims. Asahi is investigating the breach, a spokesperson for the Tokyo-based company said, declining to provide more details.

The outage at Asahi was the latest in a global wave of cyber-incidents that have hit carmakers, financial firms and hospitals. The hack underscores Japan’s vulnerability to online attacks, where even brief halts can ripple from factory floors to store shelves and restaurants given the country’s intricate supply chains.

The Asahi Super Dry maker has restarted at least six of its 30 factories in Japan after the cyberattack paralysed distribution and forced a halt to most of the company’s domestic production last week. A timeline for full restoration of Asahi’s systems remains uncertain. Employees have been processing orders over the phone, said the company, which first reported the hack on Sept 29.

Qilin has been active since mid-2022 and targeted more than a hundred companies in more than a dozen countries, according to a list of alleged victims on the gang’s website. The group has said it was involved in a US$50mil (RM211mil) ransomware hack on UK hospital lab-service provider Synnovis, which led to hundreds of canceled operations and outpatient appointments in 2024.

The group encrypts files on infected computers to prevent access. It also often steals data, which it then threatens to publish, if the target refuses to pay for the decryption key and opts to rebuild the computer system from a backup database. Such so-called double-extortion methods have become increasingly popular as a means to compel payments, according to Jon Clay, vice president of threat intelligence at Trend Micro.

It’s not clear if Qilin’s blog entry – which included screenshots of data it says it stole from Asahi – means the brewer refused to pay a ransom. – Bloomberg