The notorious Qilin ransomware group has claimed responsibility for the attack that disrupted beer giant Asahi’s operations in Japan.
The company disclosed the incident last week, warning that system failures had disrupted its order and shipment operations in Japan, as well as its call center operations.
On Monday, October 6, Asahi confirmed that ransomware was used in the attack, saying that it was scrambling to restore the affected systems, without providing an estimation on how long the downtime would continue.
The company also said that the hackers had stolen data from its systems, without sharing details on whether personal information was compromised.
On Tuesday, the Russia-based Qilin ransomware gang added Asahi to its leak site, claiming the attack and the theft of 27 gigabytes of data.
The compromised information, the hackers say, includes contracts, employee information, financial documents, forecasts, and other business data. The ransomware group says it stole over 9,000 files from the brewing giant and published a series of screenshots as proof.
In a Wednesday statement, Asahi noted that the stolen data has been published on the internet, essentially confirming Qilin’s claims.
“We are conducting [an] investigation to determine the nature and scope of the information that may have been subject to unauthorized transfer. Should the investigation confirm any impact from unauthorized data transfer, notifications will be delivered promptly,” Asahi said.
The brewing giant also announced that its domestic subsidiaries have fully or partially resumed production at their factories in Japan. Product shipments have resumed as well, it said.
It is unclear if Asahi engaged in negotiations with the hackers and what their ransom demands were. The company declined to comment on the matter when asked last week.
One of the most active ransomware gangs now, Qilin has claimed attacks on 578 victims this year, 105 of which have been confirmed by the victim organizations.
This suggests it is highly possible that it carried out the intrusion against Asahi, Comparitech head of data research Rebecca Moody said.
“While the amount of data allegedly stolen by Qilin (27 GB), is quite low compared to some of Qilin’s other claims (e.g. 9.7 TB from Yooshin Engineering Corporation in South Korea), that’s not to say that the data involved isn’t highly sensitive. Qilin actually alleges that it includes financial documents and employee data and has provided screenshots to prove these claims,” Moody said.
“Asahi now needs to respond to Qilin’s allegations and confirm what data could have been impacted so those affected can be on high alert for any potential phishing campaigns or suspicious account activity. This attack becomes the 19th confirmed attack on a food and beverage manufacturer this year so far,” Moody added.
*Updated with Asahi’s Wednesday statement.
Related: Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
Related: North Korea’s Fake Recruiters Feed Stolen Data to IT Workers
Related: The Cybersecurity Information Sharing Act Faces Expiration
Related: Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps
