Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack.
The company provides data storage, infrastructure systems, cloud management, and ransomware recovery services to government entities and some of the world’s biggest brands, including BMW, Telefónica, T-Mobile, and China Telecom.
In a statement shared with BleepingComputer, Hitachi Vantara confirmed the ransomware attack, saying it hired external cybersecurity experts to investigate the incident’s impact and is now working on getting all affected systems online.
“On April 26, 2025, Hitachi Vantara experienced a ransomware incident that has resulted in a disruption to some of our systems,” Hitachi Vantara told BleepingComputer.
“Upon detecting suspicious activity, we immediately launched our incident response protocols and engaged third-party subject matter experts to support our investigation and remediation process. Additionally, we proactively took our servers offline in order to contain the incident.
“We are working as quickly as possible with our third-party subject matter experts to remediate this incident, continue to support our customers, and bring our systems back online in a secure manner. We thank our customers and partners for their patience and flexibility during this time.”
While the company didn’t link the attack to a specific threat group, BleepingComputer has learned that the Akira ransomware operation is behind the breach. A source familiar with the matter also said the ransomware gang stole files from Hitachi Vantara’s network and dropped ransom notes on compromised systems.
BleepingComputer was also told that while the company’s cloud services are not impacted, Hitachi Vantara systems and Hitachi Vantara Manufacturing were disrupted as part of the containment effort. Additionally, while Hitachi Vantara’s remote and support operations are down, customers with self-hosted environments can still access their data as usual.
A second source told BleepingComputer that the attack has also affected multiple projects owned by government entities.
Akira surfaced in March 2023 and quickly gained notoriety after claiming many victims worldwide across various industries. Since then, Akira has added over 300 organizations to its dark web leak site and claimed multiple high-profile victims, including Stanford University and Nissan (Oceania and Australia).
According to the FBI, Akira ransomware collected roughly $42 million in ransom payments until April 2024 after breaching over 250 organizations.
Based on negotiation chats seen by BleepingComputer, the gang’s ransom demands range from $200,000 to millions of dollars, depending on the compromised organization’s size.