Hitachi Vantara, a data infrastructure and cloud management subsidiary of Hitachi Ltd., shut down systems over the weekend to contain a ransomware attack linked to the Akira threat group.
Systems Taken Offline to Limit the Impact
The incident occurred on April 26, 2025, and led to service disruptions across Hitachi Vantara’s internal environment and some manufacturing operations.
In a statement shared, the company confirmed that servers were proactively taken offline after suspicious activity was detected.
“We immediately launched our incident response protocols and engaged third-party subject matter experts,” said the company. “We are working as quickly as possible… to bring our systems back online in a secure manner.”
The company said it is still assessing the impact and working to restore affected systems. Cloud services were reportedly unaffected, and self-hosted customer environments remain operational.
Akira Ransomware Group Responsible for the Breach
While Hitachi Vantara did not name the threat actor, it is confirmed that the Akira ransomware group was behind the breach.
According to a source familiar with the incident, attackers exfiltrated data and left ransom notes across compromised systems.
Another source said the attack has affected multiple government-related projects. Remote support operations remain down, but unaffected environments continue to function normally.
Akira’s History of High-Profile Ransomware Attacks
Akira ransomware emerged in March 2023 and has since compromised over 300 organizations, including Stanford University and Nissan in Oceania.
According to the FBI, Akira operations have generated $42 million in ransom payments across more than 250 breaches as of April 2024.
The group’s ransom demands range from $200,000 to several million dollars, depending on the targeted entity’s size and industry.
