The notorious Qilin ransomware group has claimed responsibility for the attack that disrupted beer giant Asahi’s operations in Japan.
The company disclosed the incident last week, warning that system failures had disrupted its order and shipment operations in Japan, as well as its call center operations.
On Monday, October 6, Asahi confirmed that ransomware was used in the attack, saying that it was scrambling to restore the affected systems, without providing an estimation on how long the downtime would continue.
The company also said that the hackers had stolen data from its systems, without sharing details on whether personal information was compromised.
On Tuesday, the Russia-based Qilin ransomware gang added Asahi to its leak site, claiming the attack and the theft of 27 gigabytes of data.
The compromised information, the hackers say, includes contracts, employee information, financial documents, forecasts, and other business data. The ransomware group says it stole over 9,000 files from the brewing giant and published a series of screenshots as proof.
SecurityWeek has emailed the company for a statement on the hackers’ claims and will update this article if the company responds.
It is unclear if Asahi engaged in negotiations with the hackers and what their ransom demands were. The company declined to comment on the matter when asked last week.
One of the most active ransomware gangs now, Qilin has claimed attacks on 578 victims this year, 105 of which have been confirmed by the victim organizations.
This suggests it is highly possible that it carried out the intrusion against Asahi, Comparitech head of data research Rebecca Moody said.
“While the amount of data allegedly stolen by Qilin (27 GB), is quite low compared to some of Qilin’s other claims (e.g. 9.7 TB from Yooshin Engineering Corporation in South Korea), that’s not to say that the data involved isn’t highly sensitive. Qilin actually alleges that it includes financial documents and employee data and has provided screenshots to prove these claims,” Moody said.
“Asahi now needs to respond to Qilin’s allegations and confirm what data could have been impacted so those affected can be on high alert for any potential phishing campaigns or suspicious account activity. This attack becomes the 19th confirmed attack on a food and beverage manufacturer this year so far,” Moody added.
Related: Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
Related: North Korea’s Fake Recruiters Feed Stolen Data to IT Workers
Related: The Cybersecurity Information Sharing Act Faces Expiration
Related: Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps
