Japan’s Muji hit by ransomware attack on delivery partner

TOKYO – Japanese retailer Muji said on Oct 20 that it stopped its domestic online shopping service after a ransomware attack on a delivery partner.

The news follows a major cyber attack that began in September – and which is still ongoing – on Japanese brewing giant Asahi.

“From 9pm (8pm Singapore time) on Oct 19, we have suspended order processing and shipping operations for the official online shop,” Ryohin Keikaku, the company that runs Muji, said in a statement.

“This suspension is due to a system failure caused by ransomware infection at Askul,” it said, referring to its online shopping delivery partner.

“We are working with Askul to restore operations, but the resumption date remains undetermined at this time,” the statement added.

Askul said it was “investigating the scope of the impact, including any potential link of personal information or customer data”.

The statement, issued on Oct 19, gave no information on the perpetrator of the attack or what their demands were.

Ryohin Keikaku shares fell 2.5 per cent in afternoon trade, having been more than 6 per cent down in earlier trade. Askul’s shares lost more than 5 per cent.

Asahi started experiencing system troubles on Sept 29.

On Oct 20, it said that its system for processing orders and shipping operations “remain suspended”.

“We are partially processing orders manually and gradually commencing shipments,” it said.

The maker of Asahi Super Dry, one of Japan’s most popular beers, has managed to resume operations at its six domestic beer factories.

It postponed the release of its financial results that had been planned for Nov 12.

Hacker group Qilin, believed to be based in Russia, issued a statement that Japanese media interpreted as an admission it was the perpetrator. AFP