Kowa Emori, a Japanese chemical and electronics materials trading company, disclosed a ransomware attack on January 7, 2026, that knocked out email systems and caused delays in order processing and shipments to customers.
A Japanese chemical and electronics materials trading company disclosed a ransomware attack that's disrupting order processing and shipments. Kowa Emori, a subsidiary of pharmaceutical giant Kowa Company, confirmed the January 7, 2026 incident in an official statement while withholding technical details to prevent further damage.
The company says it hasn't confirmed any data exfiltration yet, but investigations are ongoing with cybersecurity specialists. Kowa Emori is working to determine the full scope of the breach and what systems the attackers compromised.
The ransomware infection hit business systems, creating immediate operational problems. Order processing has slowed, and shipments to customers are running behind schedule. For a trading company that acts as an intermediary between chemical manufacturers and buyers, these delays affect multiple parties in the supply chain.
Kowa Emori acknowledged the impact on business partners in its official statement, apologizing for the disruption. The company is contacting affected customers individually as it identifies who's impacted by the delays.
The company published contact information for inquiries, directing business partners to reach their usual representatives.
Kowa Emori is holding back specifics about the attack—which ransomware variant hit them, how the attackers got in, or whether they've made ransom demands. The company cited security concerns, explaining that revealing attack details could enable further compromise.
This information vacuum is standard practice for ongoing ransomware incidents, but it leaves important questions unanswered. Without knowing the threat actor or their methods, other companies in similar industries can't assess whether they face the same risks.
The data exfiltration question matters most. Modern ransomware groups typically steal data before encrypting systems, using the threat of public leaks to pressure victims into paying. Kowa Emori says no breach is confirmed "at this time," but that phrasing suggests they're still investigating rather than ruling it out definitively.
Trading companies make appealing ransomware targets because they sit at critical supply chain junctures. Disrupting a trader affects both upstream suppliers and downstream customers, multiplying the pressure to restore operations quickly.
The chemical and electronics materials sector adds another layer of sensitivity. These companies handle technical specifications, pricing data, customer lists, and supply chain details that competitors would value. If attackers exfiltrated data before encrypting systems, they're sitting on potentially valuable intelligence.
Kowa Emori operates as part of the larger Kowa Group, known primarily for pharmaceuticals. The parent company's reputation and customer relationships create additional stakes beyond the direct operational impact.
Japan has seen increasing ransomware activity targeting manufacturing and trading companies over the past year. Attackers know these businesses often prioritize operational continuity over security investments, creating vulnerabilities they can exploit.
