Over two months since ransomware forced a shutdown of its operations, Asahi Holdings continues to experience ongoing back-office system disruptions. The Japanese food and beverage giant has additionally acknowledged that the incident may have resulted in a data breach impacting approximately 1.9 million people. Asahi’s challenges reflect a wider trend, with several Japanese companies struggling with similar ransomware-related consequences.

More than six weeks after confirming it had suffered an attack, Japanese e-commerce firm Askul said this week that it is once again taking orders from corporate customers. Despite the partial recovery, the retailer is still dealing with shipping delays and remains unable to process orders from individual consumers. The disruption extended beyond Askul, impacting other companies such as Muji, whose online store was compelled to halt sales. 

The cases collectively demonstrate that Japanese firms are experiencing extended recovery periods following ransomware attacks, especially when victims refuse to meet ransom demands, says Jon Clay, vice president of threat intelligence for Trend Micro.

"Rebuilding machines could take time depending on how effective IT can access these systems physically but more importantly remotely," he says. "All of these can cause significant delays in recovering, which is why, in some cases, an organization may pay the ransom in order to get the decryption keys and get access back to their systems and data."

Cybersecurity remains a major concern for Japanese organizations, as attackers have exploited critical flaws in Ivanti’s Connect Secure VPN, vulnerabilities that in many cases were left unpatched during the summer months. The situation is worsening, with Japanese businesses and government agencies reporting an increase in attacks overall, even after recent legislation enabled more proactive network defense actions.

As the world's fourth largest economy and the start of many supply chains, Japan is a major target for cybercriminals, says Shane Barney, chief information security officer at credential management firm Keeper Security.

Is Japan Facing a Growing Cyber Threat? 

There are signs that cyberattacks against targets in Japan are accelerating. Sophos reports having tracked more than 200 named ransomware victims in Japan over the last four years, with 72 of those cases occurring within the past year, pointing to a sharp rise in activity.

According to Chris Yule, director of Sophos’ threat research team, Japan is not uniquely targeted by ransomware groups but is instead feeling the impact of a worldwide rise in attacks. In the last 12 months, Japanese ransomware victims increased by 35% compared with the prior year. Globally, ransomware incidents followed a similar pattern, with the number of victims growing by 33%, Yule notes.

"Ransomware groups are opportunistic, attacking any organizations that are vulnerable and likely to pay," Yule says. "We're not seeing any indications that they’re targeting specific geographies or market sectors, but sometimes a couple of big-name victims in the news can make it feel like a trend."