Asahi Says It Is Not Negotiating With Ransomware Hackers

Asahi Breweries said it had not entered into communications with the operators behind a sophisticated ransomware campaign that began months ago and had entered its third month as of November 27, 2025. Company executives told reporters there was no evidence that a ransom payment had been made, and they confirmed that the firm had postponed release of its quarterly results while it continued incident response and remediation.

The breach has affected multiple information technology systems and prompted delays in public financial filings and some customer facing operations. Asahi said it was working with external cybersecurity firms and coordinating with law enforcement as it sought to contain the incident and restore systems. The company described the attack as sophisticated and ongoing, and it has not provided a timeline for full restoration of services or for the delayed disclosures.

The disruption comes as a reminder that major consumer goods companies remain attractive targets for ransomware groups. Asahi, one of Japan’s largest brewers with an extensive global supply chain and large retail customer base, faces heightened operational and disclosure risks when core IT systems are impaired. The postponed quarterly reporting reduces transparency for investors and creditors, and could affect market assessments of the company’s near term performance and liquidity needs.

For corporate boards and risk managers the episode reinforces long standing advice from cybersecurity professionals. Firms are being urged to harden backups, ensure effective segmentation of critical systems, and maintain clear lines of coordination with law enforcement and regulatory authorities. Industry watchers note that attacks on consumer facing brands can propagate through suppliers and logistics partners, amplifying economic disruption beyond the initial victim.

Ransomware incidents have become a material operational and financial risk for non financial companies. Industry estimates place annual global costs from ransomware in the tens of billions of dollars, driven by ransom payments, recovery expenses, lost sales, and reputational damage. For companies with complex manufacturing and distribution networks, even temporary outages in order processing, invoicing, or production planning can translate into measurable revenue losses and increased working capital requirements.

Regulators and investors are paying closer attention to cyber resilience. Delays to statutory filings can trigger scrutiny from securities regulators in major markets, and prolonged operational disruption can influence credit ratings and supplier relations. Asahi’s decision to publicly deny any negotiation or ransom payment aims to signal a refusal to yield to extortion, but it also leaves open difficult trade offs about speed of recovery versus preserving evidence for law enforcement.

As the response continues, key questions for Asahi will include how quickly it can restore critical systems, the scope of any data exfiltration, and the downstream impact on sales channels that depend on real time IT connectivity. The incident will likely prompt renewed investment in cyber defenses across the consumer goods sector as companies reassess vulnerabilities and the costs of resilience versus the consequences of an extended outage.