"We have not been in touch with the attacker," CEO Atsushi Katsuki told a news conference as the company again delayed the release of financial results.

"Even if we had a ransom demand, we would not have paid it," he said.

The maker of Asahi Super Dry, one of Japan's most popular beers, said on September 29 that it was hit by a cyberattack. It clarified on October 3 that it had been a ransomware attack.

Usually in such an incident, online actors use malicious software to lock or encrypt a victim's systems and then demand payment to get them up and running again.

The firm said the hackers could have accessed or stolen identity data -- such as names and phone numbers -- of about two million people, including customers, employees and their families.

Asahi did not discuss details of the attacker at the news conference but later told AFP by email that outside experts had pointed to a high possibility of involvement by the hacker group Qilin. 

The group, which is believed to be based in Russia, issued a statement that Japanese media interpreted as a claim of responsibility.

"We thought we had taken full and necessary measures (to prevent such an attack)," Katsuki said. 

"But this attack was beyond our imagination. It was a sophisticated and cunning attack."

Asahi had already delayed the release of third-quarter earnings and said on Thursday that full-year results had also been postponed.

These and further information on the impact of the hack "on overall corporate performance will be disclosed as soon as possible once the systems have been restored and the relevant data confirmed", the company said.

- 'Why our firm?' -

"Regarding product supply, shipments are resuming in stages as system recovery progresses. We apologise for the continued inconvenience and appreciate your understanding," it said.

Output at Asahi's 30 domestic factories was not directly affected by the system shutdown but production had to stop because of the company-wide problem.

The brewer said early last month that production at six beer factories had resumed, while it was processing orders by hand in an effort to avoid potential drinks shortages.

It will start restoring electronic ordering systems from early December, with an aim to nearly normalise the situation by February, Asahi said Thursday.

The company needed to proceed carefully to make sure the attack does not spread to others, including its business partners and clients, Katsuki said.

"Why our firm? I have no idea," he said. "We are angry."

Other global brands have recently experienced similar attacks.

Indian-owned Jaguar Land Rover was forced to seek emergency funding after a damaging cyberattack halted operations at its British factories.

Japanese retailer Muji said in October that it had stopped its domestic online shopping service after a ransomware attack on delivery partner Askul.

A survey released in June found that a third of Japanese businesses had experienced cyberattacks of some sort.

"Japan has always been a little bit complacent in terms of cybersecurity," said Renata Naurzalieva, director of Japan operations at business development consultancy Intralink.

High-profile cases are "a terrible thing" but "I do hope that it opens the eyes for the wider sector that -- guys, you need to up your game", she told AFP.

"A lot of Japanese companies... when they think about investment in cybersecurity, they still try to justify the return on investment," Naurzalieva said.

But "it's not the return on investment that you're looking for, it's, 'can it protect my assets, can it protect my network data'."

hih-stu/aph/dan/pbt