HQ/EMEAFind out how we can help your business
Hitachi Vantara, a subsidiary of the Japanese multinational conglomerate Hitachi, had to take servers offline over the weekend in response to an alleged Akira ransomware attack.
This affected company specialises in data storage, infrastructure systems, cloud management, and ransomware recovery services. It also caters to government entities and notable brands globally.
Based on reports, the firm confirmed the ransomware attack, indicating it has enlisted external cybersecurity specialists to examine the incident’s repercussions and is working to restore all affected systems.
Hitachi Vantara discovered the cybersecurity incident after detecting suspicious activities within its servers.
Hitachi Vantara reported a ransomware incident that disrupted some systems on April 26, 2025. It stated that upon detecting suspicious activity, it immediately initiated its incident response protocols and engaged third-party providers to help it with its investigation and restoration.
This immediate action is followed by the company’s decision to take down their servers offline to contain the situation.
The company assured the public that it is collaborating closely with its third-party experts to address the incident swiftly, support our customers, and restore our systems securely.
It also appreciated its customers’ and partners’ understanding and flexibility during this challenging period.
However, while the company has not directly linked the attack to a particular threat group, researchers have learned that the Akira ransomware operation is responsible for the breach.
An alleged source informed that the ransomware group extracted files from Hitachi Vantara’s network and left ransom notes on compromised systems.
Although researchers were informed that Hitachi Vantara’s cloud services remain unaffected, the containment measures have led to disruptions in Hitachi Vantara systems and Hitachi Vantara Manufacturing.
Furthermore, while remote support operations are currently down, customers using self-hosted environments can still access their data without issues. Another source further revealed that the attack has impacted several projects affiliated with government entities.
Akira ransomware, the purported orchestrator of the attack, has quickly gained notoriety by targeting various sectors worldwide.
As of now, it has added over 300 organisations to its dark web leak site, with high-profile victims globally.
