Asahi cyberattack impacts – Key Summary
- Asahi suffered a major ransomware cyberattack in September 2025, causing system disruption and exposing employee and server data.
- Japan & East Asia profits fell ‑3.1% year‑on‑year to JPY100bn
- Globally, Asahi saw 0.6% revenue growth to JPY2.15tn, but core operating profit dropped ‑4.6% to JPY202.4bn
- Europe revenue fell ‑3% year‑on‑year amid soft demand in Poland and adverse weather in the Czech Republic
- APAC revenue rose 3.1% year‑on‑year, supported by non‑alcoholic beverage growth and price revisions, despite weaker alcoholic beverage demand in Oceania.
- Asahi has rebuilt systems via phased restoration and plans stronger continuous monitoring to prevent future large‑scale disruptions.
Asahi Group Holdings (Asahi) fell victim to a cyberattack on September 2025 which led to major systems disruption and ultimately a drop in earnings in its latest financial quarter.
A group which declared its name as ‘Qilin’ claimed responsibility for the attack, launching ransomware attacks and demanding Asahi pay a ransom to restore operations, which Asahi President and CEO Atsushi Katsuki said the company has refused to pay.
“Even if we did, there is no guarantee that we would get full restoration and if it became known that we paid up, it is likely that Asahi would be targeted by other attackers as well,” he said.
“We thought we had taken necessary and sufficient measures. However, this attack was more advanced and sophisticated that anything we had anticipated.”
When announcing its FY2025 nine-month (9M) financial results in March this year, the firm reported that the cyberattack had caused its Japan and East Asia business to ‘fall short of expectations’, dropping -3.1% year-on-year to JPY100bn (US$627.3m) despite growing 1.3% year-on-year in revenue to JPY1.03tn (US$6.46bn).
However, globally Asahi reported 0.6% year-on-year growth in revenue to JPY2.15tn (US$13.5bn) but a decline of -4.6% year-on-year in core operating profits to JPY202.4bn (US$1.26bn), citing lower-than-expected revenue in Europe and APAC segments that were not impacted by the cyberattack, reflecting current poor consumer sentiment.
“Overall revenue progress fell short of plan not only due to the impact of the system disruption in Japan, but also to unseasonal weather and lower-than-anticipated demand in Europe,” Asahi said.
“However, various product price revisions in Japan drove increased sales, and overall non-alcoholic beverage revenue in the APAC region has also seen growth.”
Asahi estimates the financial impact of the cyberattack to come up to approximately JPY5bn (US$31.4m) in revenue and JPY2bn (US$12.6m) in profits, and believes that this has caused negative impacts across all businesses in its home market.
Weather and other woes
Outside of Japan, Asahi also showed poor performance in Europe where sales dropped by -3% year-on-year, the only one of Asahi’s markets to show a decline in revenue — Japan still showed 1.3% revenue growth despite the cyberattack impacts, Asia Pacific grew 3.1% year-on-year and all other markets grew 3.3% year-on-year.
“Some major challenges in the European market this quarter led to a decrease in revenue, including soft consumer demand in Poland and unfavourable weather in the Czech Republic,” Asahi stated.
“This has included in drop in both revenue and sales volumes for premium products in this region, which declined by -2.8% and -3.9% respectively this quarter alongside a 1.2% increase in unit sales price.”
Consumer sentiment has also been low in Oceania, where Asahi saw a -1.4% drop in demand for alcoholic beverages.
“That said, the overall APAC region performed well with an increase of +3.1% year-on-year in revenue due to non-alcohol beverage sales increasing in Oceania and South East Asia, likely due to price revisions,” said the firm.
Cyberattack fallout
Asahi also recently published a detailed report on the September 2025 cyberattack, making comprehensive attempts to investigate the incident and prevent further mayhem.
“A disruption to our company system at approximately 7am Japan time on September 29 2025 prompted an investigation which confirmed the presence of encrypted files,” the report stated.
“Following this, it was determined that an external attacker had gained unauthorized access to the Asahi Group network through network equipment located at our Group’s site approximately ten days before the disruption occurred, although the specific date and time could not be determined.”
Asahi believes that the attacker had exploited a password vulnerability to gain administrative privileges and search the internal network for information, before deploying ransomware on September 29 which encrypted the data of several Asahi servers and computer terminals.
“During our efforts to investigate the extent of the impact, we identified that some data from company-issued PCs provided to employees had been exposed [and] there is a possibility that personal information stored on servers in the data centre may have been exposed too,” Asahi added.
“However, we have not confirmed any instance of such personal information being published on the internet [and] the impact of this attack is limited to information managed in Japan.”
Asahi disconnected all of its remote access VPNs, disconnected the internet, shut down all of its data centre systems, suspended its backup data system, and initiated a forensic investigation to verify the soundness of each system.
“We have cooperated with external experts to establish a secure recovery process, and have since confirmed the soundness of all affected servers. A phased restoration is currently underway,” said the firm.
“In light of the recent cyberattack, we will further strengthen our efforts to date, shifting to a system based on continuous monitoring and improvements and strengthening our system to minimise impacts in the event of an emergency.”
