September 30, 2025 was an odd day in tech news. OpenAI launched Sora 2 — a text-to-video model with synchronised audio, plus a social iOS app that lets you remix friends into your generations (openai.com Sora 2 announcement). In roughly the same 24 hours, Asahi Group Holdings — the maker of Super Dry, the beer in your nearest dive bar — got hit by Qilin ransomware. Order processing halted. Logistics frozen. 30 Japanese factories went dark. Production resumed only on October 2 (Asahi Group announcement). One story is about what builders can ship next month. The other is about what every CFO should ask their MSP today. This post covers both.
- Sep 30: Sora 2 launched in US + Canada
- 30: Asahi factories halted by ransomware
- 1.5M: Asahi customer records exposed in the data breach
- Qilin: Threat actor that listed Asahi on its leak site Oct 7
## The 60-second answer
For the builder side: Sora 2 will reshape how Indian B2B brands produce explainer videos, sales decks, and product demos — but only after the rate-limit and pricing model stabilise. Plan a 4-week experiment, do not rip up your production pipeline yet. For the buyer side: ask your MSP three questions today — when was the last full restore test, how long does a tier-1 business app take to recover from cold backup, and is your offsite backup truly air-gapped or just "in another AWS region." If the MSP cannot answer in 5 minutes, that is the audit finding.
## Why these two stories belong in the same post
They are the two faces of the same week in technology. Sora 2 is the new attack surface for content authenticity and brand trust — and a new toolkit for marketing teams. The Asahi ransomware is what happens when an established global manufacturer's operational technology and IT systems are not properly segmented and the recovery muscle has atrophied. Indian SMBs in 2026 will be making decisions about both at the same time. Pretending they are separate problems is how budgets get badly allocated.
The deepfake angle that ties them together. Sora 2 lets you generate a 30-second video of "your CEO saying anything" with consistent face, voice, and lip-sync. That same capability — in attacker hands — drives the next generation of business-email-compromise and ransomware-extortion theatre. The Asahi-style operational story and the Sora-style content story will collide within 18 months. Plan accordingly.
## Part 1 — Sora 2 for Indian B2B brand video
OpenAI's Sora 2 is meaningfully better than Sora 1 at three things: physics simulation, multi-shot narrative consistency, and synchronised audio. It launched as a Sora iOS app (invite-only, US and Canada at launch) plus access through sora.com. ChatGPT Pro subscribers get higher-quality "Sora 2 Pro" generations.
- Marketing video iteration: A 30-second product demo that previously cost ₹40-80k and 2 weeks of production now drafts in 2 hours. The first 3 iterations are usable for internal review and stakeholder sign-off.
- Sales-deck embeds: Outbound sales decks with a 10-second video opener get measurably higher engagement. Sora 2 makes per-prospect personalisation viable for the top 50 accounts.
- Training and onboarding: Internal training videos for new hires — historically the lowest-budget, lowest-quality content category — are the first to get rebuilt with Sora 2 by mid-2026.
- Trust and authenticity risk: Every video your team consumes from outside the org now needs an authenticity check. C2PA metadata, watermarks, and source verification become baseline workflow.
### What you should actually do this month with Sora 2
Pick one low-stakes content category — internal training, sales-deck openers, or product-explainer drafts. Block 4 weeks. Measure quality, time-to-iteration, and cost per minute of finished video. Compare against your current pipeline. Decide based on numbers, not the marketing demos.
What you should NOT do: rebuild your existing video production around it in October. The pricing and rate limits will change in the first 90 days. Indian payment-method support, language support, and watermarking standards are all still evolving. Wait one quarter before betting your H2 budget.
## Part 2 — Asahi ransomware and what your MSP should answer in 5 minutes
Asahi Group Holdings — Japan's largest brewer, with operations in 30 countries — confirmed on September 29 that a cyberattack had disrupted systems. Order processing halted. Logistics paralysed. Call centres down. The company reverted to phone, fax, and handwritten orders. Within hours, all 30 Japanese factories stopped production. Six factories partially resumed on October 2. The Qilin ransomware group listed Asahi on its leak site on October 7, claiming 27 GB of stolen files. Subsequently confirmed: 1.5 million customer records and ~275,000 employee/family records exposed (Infosecurity Magazine, INCYBER NEWS follow-up).
If you are a CFO or founder of an Indian SMB with revenue between ₹5 cr and ₹500 cr, the Asahi pattern is the one to study. It is not a sophisticated nation-state attack. It is a commodity ransomware campaign that landed because IT and OT systems were not segmented enough, recovery procedures had not been tested at scale, and the MSP relationship was based on uptime SLAs rather than recovery SLAs.
### The 5-minute conversation to have with your MSP today
1. "When was the last full restore test of our tier-1 systems?" If the answer is "we test backups monthly," that is not a restore test — that is a backup verification. A restore test means "we took a cold backup, restored it to a separate environment, ran our application against it, and signed off that it worked." The acceptable answer is "within the last 90 days" with documentation.
2. "How long does our highest-priority business application take to recover from cold backup?" The MSP should have a number for this — measured, not estimated. For a typical SMB CRM, the right answer is 4-8 hours. For a typical ERP, 8-24 hours. If the answer is "we have not measured" or "between 24 and 72 hours, depending," that is the audit finding.
3. "Is our offsite backup air-gapped, or just in another cloud region?" Air-gapped means the backup target is offline (or has time-locked immutability) and an attacker who compromises your production cannot encrypt or delete the backup. "Another AWS region" is NOT air-gapped if both regions share the same root credentials. The Asahi attackers reportedly hit the operations stack including some restore targets — air-gap is the only true defence.
4. "What is our IT-OT segmentation posture?" If you operate any factory, warehouse, or industrial system: do the OT (operational technology) systems share network segments, credentials, or domain controllers with corporate IT? If yes, the Asahi pattern applies to you. The fix is firewalls between OT and IT zones plus separate authentication.
5. "What is our incident-response runbook and when did we last tabletop it?" A runbook with named owners, communication templates, decision trees, and a tested restore path. Tabletop = walk through it once a quarter with the team that would actually run it. Ask the MSP for the last tabletop date. If they say they do tabletops "annually," that is too rare for the current threat landscape.
### The numbers that should be in your MSP scorecard
| Metric | Acceptable for SMB < ₹50 cr revenue | Acceptable for SMB ₹50-500 cr revenue |
| --- | --- | --- |
| Recovery Time Objective (RTO) for tier-1 apps | 8 hours | 4 hours |
| Recovery Point Objective (RPO) — max acceptable data loss | 4 hours | 1 hour |
| Backup restore tests per year | 2 (semi-annual) | 4 (quarterly) |
| Air-gapped or immutable backup target | Yes — required | Yes — required, with second offsite copy |
| Tabletop incident exercises per year | 1 | 2 minimum |
| MSP incident-notification SLA | 4 hours | 1 hour |
| Endpoint detection and response (EDR) coverage | 100% of production endpoints | 100% of all endpoints + servers |
## The 4 things Asahi reportedly did NOT have in place
Based on third-party reporting and the Qilin leak site disclosures (Bitdefender HotforSecurity, SecurityBrief Asia):
1. Sufficient IT-OT segmentation. Order-management systems and factory floor systems shared infrastructure. The ransomware that hit IT propagated to systems that controlled production scheduling.
2. Offline backups for the order-processing stack. Recovery required reverting to phone and fax — which suggests the digital order systems could not be restored from a clean state inside the recovery window.
3. Tested recovery for partner-facing APIs. Distributors and retailers could not place orders for several days. The B2B integration layer was not part of the rapid-recovery plan.
4. Adequate communications playbook. The customer notification ran for weeks after the attack — the data-breach scope was not fully understood until late November. A tested comms playbook would have shortened that window.
Each of these is a gap an Indian SMB can audit for in their own stack today, for a few hours of effort.
## Pre-Diwali ransomware-readiness checklist
Diwali falls on October 20-21, 2025 — three weeks from this post. Indian SMBs typically run skeleton ops in the festive week, and threat actors know it. Run this checklist before the team thins out.
- Tier-1 application restore tested in the last 90 days, signed off in writing
- RTO and RPO documented per business application; CFO has the spreadsheet
- Air-gapped or immutable backup confirmed (Wasabi, AWS S3 Object Lock, Backblaze B2 Object Lock)
- EDR (CrowdStrike, SentinelOne, Defender for Business) on 100% of production endpoints
- Incident-response runbook exists, last tabletop within 6 months
- MSP incident-notification SLA in writing; named after-hours contact at MSP
- Vendor (MSP, cloud, ISP) escalation contacts in a printed sheet, not just in email
- Cyber-insurance policy reviewed; deductible and ransomware-payment exclusions known
- Bitcoin payment policy decided in advance — pay/do-not-pay, by whose authority
- Off-network communication channel agreed (WhatsApp Business group, Signal, anything not Outlook)
## When NOT to overhaul your MSP relationship
If your current MSP can answer the 5 questions above with documentation, you do not need a new MSP — you need to formalise the scorecard and re-test annually. Switching MSPs costs 2-4 months of disruption and a lot of evening calls. Save it for when the answers are bad, not when the relationship feels stale.
If you are pre-revenue or under 10 employees, the right pattern is not an MSP — it is a single security-aware sysadmin (in-house or fractional) plus a managed EDR product. Your blast radius is small enough that the MSP overhead is wasted spend.
The CFO trap. "We have cyber-insurance, so we are covered" is wrong twice. First, most policies have ransomware-payment exclusions or sub-limits that drop coverage to 25-40% of expected ransom. Second, insurance does not restore your operations — only tested backups and a working incident-response runbook do. Insurance is the safety net, not the floor.
## A real example — an 80-person Hyderabad pharma distributor
A pharma-distribution SMB in Hyderabad (₹140 cr revenue, 80 employees, 6 warehouses, custom SAP B1 + Tally stack) ran the 5-question MSP review with us in mid-September. Their MSP, a respected regional player, did well on three questions and badly on two.
What they did well: EDR coverage, backup verification, named after-hours contact. What they did badly: no documented RTO/RPO per application (the MSP estimated; the CFO had no number), and no tabletop in 18 months.
Total fix time: 4 weeks. Cost: 2 weekend tabletop sessions (₹40k MSP fee), 1 quarterly RTO/RPO documentation exercise (₹30k MSP fee), 1 immutable-backup-target migration to Wasabi (₹18k/year). Total: ₹88k/year recurring + ₹70k one-off. The CFO's exact framing: "for the price of two months of one mid-level engineer, I have insurance against the headline I do not want to see."
For background on the broader pattern, see our 2025 piece on the Cloudflare outage runbook for India SaaS, which covers the same RTO/RPO discipline applied to a SaaS dependency rather than a self-hosted stack. Together they form the cluster on operational resilience.
## A founder note from our team
Our founder Vivek Singh often says the hardest part of cybersec for an Indian SMB is not the tooling — it is the discipline of testing the recovery, repeatedly, when nothing has gone wrong. The Asahi attack is going to be a textbook case in MBA programs by 2027. The shortest version: even global manufacturers at scale fail this discipline test. The fix is dull, repetitive, and well-understood. Most teams do not do it because it is dull, not because they do not know how.
For a complementary view on supply-chain risk, our recent post on the Salesloft-Drift OAuth breach SaaS-integration audit covers the connected-app dimension of the same problem.
## The Reddit pulse
The r/blueteamsec subreddit has been actively documenting Qilin's tactics — the group has been particularly active against manufacturing and food-and-beverage targets through Q3 2025. Practitioners in those threads call out that Qilin uses commodity initial-access vectors (phishing + RDP) and only innovates on the encryption-and-extortion side. That makes them the perfect threat for SMB defenders: easy to defend against, brutal if you do not.
The r/sysadmin community in October 2025 had multiple threads where MSP customers described their first ransomware-tabletop experience. The recurring lesson: the people who run the tabletop almost always say "I had no idea our recovery would take that long" the first time.
For the Sora 2 angle, r/OpenAI threads on the launch focused on three things: invite scarcity, Pro-tier rate limits, and the cameo feature that lets you put a friend's likeness into a generation. The "friend's likeness" feature is the deepfake angle that connects to enterprise authenticity defences.
## FAQ
### Is Sora 2 available in India today?
Not at launch (September 30, 2025). Initial rollout was US and Canada via the Sora iOS app and sora.com (invite-only). OpenAI typically expands to additional markets within 30-90 days for major launches. Indian access is most likely via sora.com on a ChatGPT Pro account before the iOS app launches in India.
### Can our marketing team start using Sora 2 for production work?
Not in October 2025. The right approach is a 4-week experimentation budget — pick one content type (internal training, draft sales-deck openers, product explainer drafts), measure quality and cost, decide in November. Production-ready integration into your H2 2026 plan should come after the rate limits and Indian-payment support stabilise.
### What is the difference between Sora 2 and Sora 2 Pro?
Sora 2 is the standard tier. Sora 2 Pro (available to ChatGPT Pro subscribers) offers higher generation quality, longer clips, and higher rate limits. Pricing for non-Pro users at standalone tiers is still being clarified.
### What is "Qilin ransomware" — should our MSP know about it?
Qilin (also called Agenda) is a Ransomware-as-a-Service operation that has been active since 2022. By Q3 2025 it had become one of the most prolific ransomware brands, with confirmed victims including healthcare, manufacturing, and food-and-beverage targets. Your MSP should track Qilin's known tactics in their threat-intelligence feeds and update detection rules accordingly.
### Should we pay a ransom if we are hit?
Not without legal counsel and law-enforcement coordination. Ransomware payment is increasingly subject to OFAC-style sanctions if the threat actor is on a US/EU sanctions list. Indian SMBs should also engage CERT-In within 6 hours per the 2022 directives. The decision to pay is rarely the right one operationally — most paid ransoms still result in incomplete decryption.
### What is air-gapped backup in practice?
A backup target that is either physically offline (tape, removable drive in a safe), or logically inaccessible from the production network for any operation other than write-once. AWS S3 Object Lock with compliance mode is logically air-gapped against ransomware — even with full root credentials, an attacker cannot delete the backup before its retention period expires.
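To check the Object Lock claim rather than take it on trust, the added example below (not part of the original post) audits the JSON printed by `aws s3api get-object-lock-configuration`. The sample documents are constructed, and the `min_retention_days` threshold is a hypothetical policy value.

```python
import json

# Constructed samples in the JSON shape printed by
# `aws s3api get-object-lock-configuration --bucket <bucket>`.
COMPLIANCE_30D = """{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
 "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}}"""
GOVERNANCE_30D = """{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
 "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}}"""
ENABLED_NO_RULE = '{"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}'


def assess_object_lock(raw_json, min_retention_days=14):
    """Return a list of findings; an empty list means the bucket's default
    retention matches the 'logically air-gapped' description above.
    min_retention_days is a hypothetical policy value, not an AWS default."""
    cfg = json.loads(raw_json).get("ObjectLockConfiguration", {})
    findings = []
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled on this bucket")
    retention = cfg.get("Rule", {}).get("DefaultRetention")
    if retention is None:
        # Without a default rule, only uploads that set their own
        # retention are protected; everything else stays deletable.
        findings.append("no default retention rule")
        return findings
    if retention.get("Mode") != "COMPLIANCE":
        # Governance mode can be overridden by any principal holding
        # s3:BypassGovernanceRetention, so stolen admin keys defeat it.
        findings.append(f"mode is {retention.get('Mode')}, not COMPLIANCE")
    days = retention.get("Days", 0) + 365 * retention.get("Years", 0)
    if days < min_retention_days:
        findings.append(f"retention of {days} days is below {min_retention_days}")
    return findings


if __name__ == "__main__":
    for name, sample in [("compliance", COMPLIANCE_30D),
                         ("governance", GOVERNANCE_30D),
                         ("no rule", ENABLED_NO_RULE)]:
        print(name, assess_object_lock(sample) or "OK")
```

Ask the MSP for this output per backup bucket as audit evidence; a bucket with Object Lock enabled but governance mode or no default rule is the "in another region" answer in a different form.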
### What is RTO vs RPO?
RTO = Recovery Time Objective = how long after an incident you can have the system back up. RPO = Recovery Point Objective = how much data loss you can tolerate. A 4-hour RPO with hourly backups means you might lose up to 4 hours of data in a worst-case restore. The two numbers together drive your backup architecture choices.
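The RTO/RPO definitions here and the MSP scorecard table earlier in the post can be turned into a repeatable check. The following is an added example, not part of the original post: it scores constructed backup timestamps and restore-test records against the table's thresholds, taking the largest gap between consecutive successful backups as the achieved recovery point (an assumption of this example).

```python
from datetime import datetime, timedelta

# Thresholds copied from the scorecard table above, keyed by revenue band.
SCORECARD = {
    "under_50cr":  {"rto_h": 8, "rpo_h": 4, "restore_tests": 2},
    "50_to_500cr": {"rto_h": 4, "rpo_h": 1, "restore_tests": 4},
}
MAX_TEST_AGE_DAYS = 90  # "within the last 90 days", from question 1

# Constructed sample data: hourly backups with the 03:00 run missing,
# and two full restore tests recorded as (start, signed-off) times.
BACKUPS = [datetime(2025, 9, 30, h) for h in (0, 1, 2, 4, 5)]
RESTORE_TESTS = [
    (datetime(2025, 3, 10, 9, 0), datetime(2025, 3, 10, 15, 30)),
    (datetime(2025, 8, 20, 9, 0), datetime(2025, 8, 20, 14, 0)),
]


def worst_gap_hours(backup_times):
    """Largest interval between consecutive successful backups: the most
    data a restore could lose (this example's working measure of RPO)."""
    ts = sorted(backup_times)
    gaps = [(b - a).total_seconds() / 3600 for a, b in zip(ts, ts[1:])]
    return max(gaps) if gaps else float("inf")


def evaluate(band, backup_times, restore_tests, today):
    """Return scorecard findings for one tier-1 application."""
    limits, findings = SCORECARD[band], []
    gap = worst_gap_hours(backup_times)
    if gap > limits["rpo_h"]:
        findings.append(f"RPO: {gap:.1f}h backup gap > {limits['rpo_h']}h")
    recent = [t for t in restore_tests if t[1] >= today - timedelta(days=365)]
    if len(recent) < limits["restore_tests"]:
        findings.append(f"restore tests: {len(recent)} in 12 months, "
                        f"need {limits['restore_tests']}")
    if not recent:
        findings.append("RTO: never measured")
        return findings
    start, end = max(recent, key=lambda t: t[1])
    measured = (end - start).total_seconds() / 3600
    if measured > limits["rto_h"]:
        findings.append(f"RTO: measured {measured:.1f}h > {limits['rto_h']}h")
    if (today - end).days > MAX_TEST_AGE_DAYS:
        findings.append(f"last restore test is {(today - end).days} days old")
    return findings


if __name__ == "__main__":
    for band in SCORECARD:
        print(band, evaluate(band, BACKUPS, RESTORE_TESTS, datetime(2025, 10, 1)))
```

The same evidence passes the smaller band and fails the larger one on three counts, which is why the scorecard has to be read against the correct revenue column.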
### How do we know if our MSP is actually doing tabletops?
Ask for the post-tabletop write-up. A real tabletop produces a document: scenario, participants, timeline, decisions made, gaps identified, action items with owners and due dates. If the MSP cannot produce one, the tabletop did not happen — or did not happen in a way that is auditable.
Need a ransomware-readiness audit on your MSP/cloud stack?
We run a 1-week MSP scorecard audit for Indian SMBs (₹5-500 cr revenue) for ₹65,000 fixed price. You leave with: a 5-question MSP review with documented evidence, RTO/RPO documented per tier-1 application, immutable-backup target validated, one tabletop facilitated. First call is with the engineer who would lead the audit.