In an update issued on Friday, Lion said: "We are now brewing, kegging, packaging and distributing beer at our nine major breweries across Australia and New Zealand."
The company first revealed that its systems had been attacked on 9 June and has been providing regular updates since then. The company is a subsidiary of the Japanese beverage giant Kirin. According to Wikipedia, it has about 7000 employees and its 2015 revenue was $5.6 billion.
The company said in the Friday statement: "All our dairy and juice sites are operational as well; and across many parts of our business customers are once again able to place orders and view their invoices online. We are working hard to get all of our customer ordering platforms operational as soon as possible and we thank our customers for their patience during this very challenging period.
"Despite this progress, we do still expect to see some further disruptions as we continue to restore systems. We will continue to work with our team of experts to complete this work as quickly as possible, minimising any further disruptions, including to supply."
The gang behind the attack has demanded a ransom of US$800,000 to decrypt the files that were encrypted during the incident.
As iTWire has reported, security sources said on 17 June that that the group had given Lion time until 19 June to pay up, and threatened to double the ransom after that.
Lion said: "The timing of this attack — just as the hospitality industry is trying to get back on its feet post COVID-19 closures — could not have been more challenging for Lion and our industry partners.
"As we progress our recovery efforts, it is our number one priority to get back to our usual high standards of service levels before this cyber attack, and support our many valued business partners in what we hope will be a better second half of 2020.
"To date, we still do not have evidence of any data being removed. As we indicated last week, it remains a real possibility that data held on our systems may be disclosed in the future. Unfortunately, this is consistent with these types of ransomware attacks."
It said expert teams were doing all they could to investigate and if any cases of data being taken or misused were identified, it would contact the affected individuals directly.