Last month, employees at Asahi Group Holdings - Japan's largest brewery - did something nobody under 40 expected to do at work: they grabbed paper, found pens, and started faxing.
The Qilin ransomware group hit over a weekend in September 2025. By Monday morning, every computer system was locked. All 30 factories shut down. Convenience stores across Japan warned customers about potential Super Dry shortages. Analysts estimated an 83% domestic profit hit if the outage continued.
Asahi's employees started taking orders by telephone and writing them out by hand. Some walked to customer offices to take orders in person. They relayed shipment instructions via fax to warehouses and distribution centers. Six breweries gradually restarted by early October. Many systems still aren't fully restored. The company has been operating primarily on paper and fax for weeks while IT teams rebuild what ransomware destroyed.
The Accidental Lifeline
Between June 2024 and September 2025, three major organizations faced crippling ransomware attacks. In each case, when digital systems went dark, fax machines and paper kept operations limping forward. Not because anyone planned it that way, but because the old infrastructure happened to still exist.
Fax machines run on separate phone lines. When ransomware encrypted computer networks, those analog channels remained untouched. Too old to hack.
In May 2024, an employee at Ascension Health accidentally downloaded a malicious file. Within hours, electronic health records went offline across 140 hospitals in 19 states, affecting 5.6 million patients. Hospitals started diverting ambulances. Pharmacies closed.
Nurses handwrote medication orders on systems they'd never been trained to use. One nurse described nearly giving the wrong narcotic dose to a baby. Another told NPR: "We are waiting four hours for head CT scan results on somebody having a stroke or a brain bleed."
Staff faxed orders to pharmacies. They received lab results via fax instead of through computer systems. They did this for 37 days while IT teams rebuilt the digital infrastructure from scratch. The first patient death linked to the incident was later confirmed.
In June 2024, Qilin targeted Synnovis, a pathology lab processing blood tests for seven major London hospitals. Lab technicians processed samples manually and transmitted results without computers. The lab stated that "almost all IT systems were affected" and "many of these processes have had to revert to paper and manual, rather than electronic, protocols."
Recovery took months.
Nobody Planned This
None of these organizations maintained fax infrastructure as a security strategy. It simply hadn't been removed. In Japan, strong existing fax culture meant the infrastructure was already in place. In US healthcare, fax remained common for pharmacy orders and lab communications. In NHS facilities, legacy protocols from before widespread computerization still existed on paper somewhere.
When digital systems failed, these analog channels provided a partial fallback. Not efficient. Not adequate. But functional enough to prevent complete operational collapse while organizations rebuilt their networks from scratch.
One employee clicking one link destroyed systems at 140 hospitals. The fax machines kept working because they existed on completely separate infrastructure that ransomware couldn't touch.
That baby nearly got the wrong dose. Brewery workers walked paper order forms between offices. Stroke patients waited hours for critical scans.
Fax didn't save these organizations. But it kept them from drowning completely while they rebuilt what criminals destroyed.
PayPerFax, a pay-per-use fax service, compiled these incidents as part of ongoing research into where fax infrastructure persists in modern organizations.
References
- Bloomberg (Oct 8, 2025): "Ransomware Gang Qilin Claims Hack That Crippled Beermaker Asahi"
- The Japan Times (Oct 4, 2025): "Asahi ships beer using paper and fax after ransomware attack"
- NPR (June 19, 2024): "Ransomware attack led to harrowing lapses at Ascension hospitals"
- Healthcare Brew (May 22, 2024): "Delayed care, closed pharmacies, hospitals on diversion"
- HIPAA Journal (Dec 20, 2024): "Ascension Ransomware Attack Affects 5.6 Million Patients"
- Synnovis (July 1, 2024): "Update on Cyber Incident"
- Digital Health (Jan 20, 2025): "Cyber attack cost Synnovis estimated £32.7m in 2024"
Media Contact
Company Name: Ediblesites Ltd
Contact Person: PayPerFax Media Team
Email:Send Email
Country: United Kingdom
Website: https://payperfax.com
