On October 3, 2025, Asahi Group Holdings, a major Japanese brewing company with international brands such as Grolsch, Peroni, Pilsner Urquell, and UK-based Fullers, disclosed a ransomware attack impacting its domestic subsidiaries. The attack caused a week-long operational outage, including suspension of production at some factories, disruption of order placement and shipment processes, and call center downtime. The ransomware was deployed on company servers, leading to system failures and forcing the company to revert to manual order processing and shipment to maintain product supply. Asahi confirmed that attackers exfiltrated data from its servers, but details about the stolen data's nature and scope are still under investigation. The company isolated affected systems quickly to contain the incident and protect critical data, including personal information of customers and business partners. The attack did not affect Asahi's international operations. There is no public information about ransom demands or negotiations, and no known ransomware group has claimed responsibility. The incident underscores the threat ransomware poses to large manufacturing and supply chain organizations, disrupting operations and risking sensitive data exposure. Asahi is working to restore systems but has not provided a recovery timeline. The company is also evaluating the financial impact of the attack. This event highlights the importance of incident response preparedness, data protection, and operational resilience in the face of ransomware targeting critical infrastructure and supply chains.

For European organizations, especially those connected to or dependent on Asahi's international supply chain and brands, this ransomware attack illustrates the risk of operational disruption and data compromise in global manufacturing and distribution networks. Although Asahi's international operations were not directly affected, the incident could cause supply delays or shortages of popular beer brands in European markets, impacting distributors, retailers, and consumers. The exfiltration of data raises concerns about potential leaks of sensitive business or customer information, which could lead to reputational damage, regulatory scrutiny under GDPR, and financial losses. European subsidiaries or partners of similar multinational companies may face increased targeting by ransomware groups seeking to disrupt supply chains or extract sensitive data. The attack also highlights the need for robust cybersecurity defenses and incident response capabilities in manufacturing sectors critical to European markets. Additionally, call center downtime and communication disruptions could affect customer service and business continuity. Overall, the incident demonstrates the cascading effects ransomware can have beyond the initial victim, affecting European supply chains, regulatory compliance, and market stability.

European organizations, particularly those in manufacturing and supply chain roles, should implement advanced endpoint detection and response (EDR) solutions to identify ransomware behaviors early. Network segmentation is critical to limit ransomware spread across subsidiaries and operational units. Regular, immutable backups stored offline or in air-gapped environments must be maintained and tested to ensure rapid recovery without paying ransom. Organizations should conduct ransomware tabletop exercises simulating supply chain disruptions to improve incident response readiness. Implement strict access controls and multi-factor authentication (MFA) for all critical systems to reduce the risk of initial compromise. Continuous monitoring of data exfiltration attempts using data loss prevention (DLP) tools can help detect and block unauthorized data transfers. Supply chain partners should be included in cybersecurity awareness and incident response planning to ensure coordinated defense and recovery. Legal and compliance teams must be prepared to handle potential data breach notifications under GDPR promptly. Finally, organizations should maintain threat intelligence sharing with industry groups to stay informed about emerging ransomware tactics targeting manufacturing and supply chains.