The notorious Qilin ransomware group has claimed responsibility for the attack that disrupted the operations of beer giant Asahi in Japan.
The company disclosed the incident last week, warning that system failures had disrupted its ordering and shipment operations in Japan, as well as its call center operations.
On Monday, October 6, Asahi confirmed that ransomware was used in the attack, adding that it was scrambling to restore affected systems, without providing an estimate for how long the downtime would continue.
The company also said that hackers had stolen data from its systems, without sharing details on whether personal information was compromised.
On Tuesday, the Russia-based Killin ransomware gang added Asahi to its leak site, claiming the attack and the theft of 27 gigabytes of data.
The compromised information, the hackers say, included contracts, employee information, financial documents, forecasts and other business data. The ransomware group says it stole more than 9,000 files from the brewing giant and published a series of screenshots as proof.
in a wednesday statementAsahi noted that the stolen data has been published on the Internet, essentially confirming Killin’s claims.
“We are conducting (an) investigation to determine the nature and scope of information that may have been subject to unauthorized transfer. Should the investigation confirm any impact from unauthorized data transfer, the information will be distributed immediately,” Asahi said.
The brewing giant also announced that its domestic subsidiaries have fully or partially resumed production at their factories in Japan. Product shipments have resumed, it said.
It is unclear whether Asahi engaged in negotiations with the hackers and what their ransom demand was. The company declined to comment on the matter when asked last week.
Now one of the most active ransomware gangs, Qulin has claimed Attacks this year have resulted in 578 victims, 105 of which have been confirmed by victim organizations.
This suggests it is highly possible that it made inroads against Asahi, said Rebecca Moody, head of data research at Comparables.
“While the amount of data allegedly stolen by Qilin (27 GB) is significantly smaller than some of Qilin’s other claims (such as 9.7 TB from Yoshin Engineering Corporation in South Korea), that is not to say that the data involved is not highly sensitive. It actually includes financial documents and employee data and provides proof to these claims.”
“Asahi now needs to respond to Killin’s allegations and confirm what data may have been compromised, so those affected can be on high alert for any potential phishing campaigns or suspicious account activity. This attack becomes the 19th confirmed attack on a food and beverage manufacturer this year,” Moody said.
*Updated with Wednesday’s statement from ASAHI.
Connected: Fortra goanywhere mft zero-day exploited in ransomware attacks
Connected: North Korea’s fake recruiters feed IT workers stolen data
Connected: Cybersecurity Information Sharing Act faces expiration
Connected: Record DDoS attack peaks at 22 Tbps and 10 bps
