Muji Online Stores Taken Offline After Ransomware Attack on Logistics Partner Askul

Japanese minimalist retail giant Muji has shut down its online stores after its logistics partner Askul Corp became the victim of a ransomware attack.

Operating in Japan, China, Singapore, North America, Europe, and Australia, Muji sells minimalistic household items and clothing. It employs over 24,000 people and reports an annual revenue of over $4 billion. Owned by Yahoo! Japan Corporation, Askul is a logistics, B2B, and B2C partner for various high-profile Japanese retailers, including Muji, Loft, and Sogo & Seibu.

Muji began experiencing issues around 9 p.m. on Sunday, October 19, after its logistics partner Askul detected system failures due to a ransomware attack.

“Currently, a system failure has occurred due to a ransomware infection on the ASKUL website, and orders and shipments have been suspended,” the logistics company stated.

Ransomware attack on logistics partner halts online purchases

Muji initially warned that the ransomware attack on its logistics partner had disrupted all services. However, an update on Monday, October 20, 2025, clarified that the ransomware incident only affected online purchases and monthly subscriptions.

“The reality of interconnected ecosystems is that you can have spotless internal controls and still be taken offline by a partner’s ransomware,” warned Javvad Malik, Lead CISO Advisor at KnowBe4.

Meanwhile, Askul said it has launched an investigation to determine the scope and impact of the ransomware attack and whether it leaked personal and customer data.

“We are currently investigating the extent of the impact, including the possible leak of personal and customer data,” Askul said.

The logistics partner also published a list of the affected services, which includes new member registrations, the shopping cart, order shipment, returns, printing order details, cash register, mailing receipts, sending catalogs, applying for collection services, and important communications. Askul also warned that it would automatically cancel all orders that were not delivered by October 21, 2025.

“Customers don’t care whose network was hit, they only see that the service or product they need is unavailable and that impacts trust,” added Malik. “It’s why it’s important to map critical dependencies beyond IT to logistics and fulfilment, set minimum security baselines in contracts, and practice ‘supplier outage’ playbooks.”

So far, Muji and its logistics partner have not provided the expected date of restoration. Usually, a ransomware attack can take weeks or even months to resolve.

“We are working with Askul to restore operations, but the resumption date remains undetermined,” Muji warned.

Muji and Askul have both apologized for the disruption and promised to provide prompt updates when they become available.

Other retailers impacted by disruption at logistics company

Besides Muji, the ransomware attack has affected other stores that rely on Askul for distribution. Japanese household goods retailer Loft and department store chain Sogo & Seibu have confirmed that they were impacted by the Askul ransomware attack.

However, Muji’s international operations were likely unaffected as the attack only affected its domestic logistics partner.

“This is a different form of supply chain attack – the company is affected because a core service provider was compromised, rather than its own IT systems,” stated Martin Jartelius, AI Product Director at Outpost24. “It’s encouraging to see that Muji is taking preventive actions and already has contingency and communication plans in motion. This is the best way to fight ransomware: be prepared, recover quickly, work around disruptions, and avoid paying the groups behind them.”

So far, the identity of the cybercrime gang responsible for the Askul ransomware attack remains unknown, and no hacking group has claimed responsibility. The logistics partner has not disclosed whether the attacker has made any ransom demands. Usually, ransomware groups drop a ransom note on the encrypted devices stating their terms and the ransom amount.

“For the organization that suffered the direct breach, it’s still too soon to draw broader conclusions,” added Jartelius. “Neither the perpetrator nor the ransomware strain has been confirmed, and while there have been other major regional incidents recently, any link at this stage would be purely speculative.”

Ransomware attacks on large Japanese corporations are a frequent occurrence. In early October, Japanese brewing giant Asahi suffered an apparent ransomware attack that disrupted the distribution of some of the country’s favorite beverages, leading to shortages. It also halted the company’s anticipated launch of new product lines across the country.

Russian-speaking ransomware gang Qilin claimed responsibility for the Asahi cyber attack that potentially leaked personal data, according to the company’s latest assessment.