Ransomware: How Beer Shortages and Flight Chaos Got Our Attention

A beer shortage, international flight chaos and a car company putting all production on hold.

Cyber attacks aren’t new, but 2025 may be the year that they become tangibly real for many people.

That’s due to the impact that attacks have had on companies like brewer Asahi, a string of European airlines and iconic automaker Land Rover. Each one has been the victim of major cyber attacks this year that have had a crippling impact on their business and, crucially, millions of their customers.

This year, arguably, the impact has been more visible than ever before. That’s an important reminder of the value of cyber security and robust systems that can help companies that are victims bounce back with minimal damage to their business and precious customer base.

This week, we will dive into three major attacks that took place this summer.

Asahi: When the beer runs dry

On 29 September 2025, Japan’s Asahi Group Holdings disclosed that the company was experiencing a severe systems disruption caused by a ransomware attack.

The breach disabled key operational systems, from order placement to product shipment, customer service desks and call centers. The firm then suspended those digital services. Production in the factories themselves was not directly damaged, but without the systems to process and dispatch orders, operations ground to a halt.

In response, Asahi invoked an emergency response protocol. It isolated afflicted servers, cut off affected networks, and shifted some workflows to manual processing. That meant phone, fax and spreadsheets came into play to keep what orders could be fulfilled moving.

At the time of writing, six key domestic beer factories had restarted production. Each is operating below capacity, however, because the logistics and ordering systems remained offline.

As a result, a shortage of Asahi beer has begun to affect convenience stores, bars and supermarkets across Japan. That’s a major issue when your flagship lager (Super Dry) is one of the country’s most ubiquitous drinks.

A ransomware gang called Qilin claimed responsibility for the attack. It claimed to have accessed some 27 GB of internal documents, that’s more than 9,300 files and it included sensitive information such as financial reports, contracts, budgets and employee data.

Asahi is continuing to investigate the impact of the attack, although it has confirmed that there was unauthorized data transfer.

What do we learn?

• The attack turned a consumer staple, beer, into a visible, everyday crisis as that “no system, no supply” became literal for millions
• The ripple effect spanned not just Asahi, but bars, restaurants, stores, and logistics partners which were impacted
• Even after production restarted, recovery remained fragile without the full restoration of digital pipelines
• It underscores how a cyber incident targeting the back end can cascade into front-line shortages and brand damage

Jaguar Land Rover: When the rubber doesn’t meet the road

On 1 September 2025, Jaguar Land Rover (JLR) halted most of its production lines globally after detecting a sophisticated cyberattack.

The attack first emerged on 31 August, and JLR’s initial step was to shut down IT systems to contain the breach. But the disruption was deep. Facilities in the UK, Slovakia, China and India were among the locations impacted.

Over several weeks, production remained offline as JLR engineers worked to restore systems and verify that there was no further compromise. However, the pause was extended beyond the original deadline as it pushed into October. Employees are only returning to its production line and engineer factory.

It’s not exactly clear what happened based on reported events. Early evidence and investigations point to a supply chain attack that involved a compromised third-party software programme.

The attackers may have leveraged social engineering among other tactics to gain further access within the company’s systems and networks. The attackers claimed responsibility via a group calling itself Scattered Lapsus$ Hunters. The motive appears primarily extortionary. It isn’t clear what they made, but it has been massively expensive.

What do we learn?

• JLR’s daily losses during the shutdown were estimated at £5–10 million per day
• Like Asahi, the disruption extended well beyond JLR, impacting suppliers, logistics and dealerships that depend on a steady flow of components and vehicles
• Companies like JLR with just-in-time supply chains, which align with production schedules, are complicated with the need to audit vendors and rely on trusted third-parties
• The recovery process must include forensic audits, revalidation of supply integrity and careful reintegration of systems

Flight Chaos: European airports disrupted

In mid-September 2025, operational issues plagued multiple European airports. Heathrow, Brussels, Berlin, Dublin and Cork were among the locations that had issues when their check-in, boarding, and baggage drop systems failed.

The root cause was traced to a cyberattack on the software developed by Collins Aerospace, which is widely used to manage gate check-in and boarding systems. The EU cybersecurity agency (ENISA) confirmed that the disruptions were due to a ransomware infection in a third-party system supporting those airports.

The issues led to the suspension of automated check-in and drop baggage systems. As a result, airlines and airports resorted to manual processing including paper tickets, manual guest check and physical inspections.

The impact was enormous. There were dozens of flight cancellations and long delays. Heathrow alone had 29 departures and arrivals that were canceled early, and even more delays followed.

The disruption stretched over several days. IT teams raced to isolate the breach, restore clean backups and deploy security patches in the affected systems, but during that period, affected airports went back in time to an era of analogue operations.

What do we learn?

• The outage hit thousands of passengers through long check-in queues, baggage delays and canceled and rescheduled flights. The disruption was real-time, high-visibility and it directly inconvenienced travelers.
• Like the other examples, third-party software and systems are to blame. A single breach in a vendor can cascade into widespread service failure.
• The incident exposed the fragility of critical infrastructure in transport and the potential for global travel networks to be hit hard.
• In future, redundant fallback systems, compartmentalization, continuous monitoring and rapid patching are essential. Attackers target infrastructure tangential to the core business, so resilience must extend beyond corporate walls.

Taking stock of these major incidents

These three examples highlight a number of key points that can help companies in their preparation:

1. Digital vulnerability can mean physical disruption Whether it’s beer shelves emptying, cars not rolling off assembly lines, or flights being canceled, the boundary between cyber and real world is increasingly blurred.
2. High visibility and leverage attracts attackers None of these are subtle stealth breaches. They are high impact, public and intended to maximize pressure on companies to pay a ransom or capitulate.
3. Third-party and supply chain risk is critical In two of the cases, the attack vector appears to have been through third-party software or supply chains. It’s often said, your security is only as strong as your weakest supplier.
4. Resilience and incident response is key Swift detection, isolation, fallback modes and transparent communication all play an outsized role in how badly a breach translates to real harm.
5. Visibility breeds accountability These attacks were so visible to end users, so the companies will face not just internal disruption, but reputational risk, regulatory scrutiny and customer backlash.

Ransomware attacks are all too common. We recently wrote about how Swedish IT firm Miljödata, which provides digital HR services widely used by the national government, was hacked in an attack that impacted data belonging to 200 of Sweden’s municipal governments.

Unfortunately, the number of attacks is only growing. We hope that the tide turns. But until then, we are here to provide insight and services to companies that want to stay ahead of the game.

Images credit: XH Ong/Flickr, Jaguar MENA/Flickr, London Heathrow International Airport, UK/Flickr