Hitachi Vantara, a subsidiary of Japanese conglomerate Hitachi, had to take servers offline last weekend. This was due to a ransomware attack by the Akira group.
Hitachi Vantara provides services such as data storage, infrastructure systems, cloud management, and solutions for recovery after ransomware attacks. Its customers include government agencies and major brands such as BMW, Telefónica, T-Mobile, and China Telecom.
In a statement to BleepingComputer, Hitachi Vantara confirmed that it had been the victim of a ransomware incident. The company reported that it had engaged external cybersecurity specialists to investigate the impact of the attack. Work was underway to restore the affected systems.
Hitachi Vantara detected suspicious activity on April 26, 2025. The company then initiated emergency procedures. External experts were called in to assist with the investigation and recovery. As a precaution, they took the servers offline to limit further damage.
The company emphasized that it is doing everything in its power to work with the experts it has called in to restore the systems securely and provide the best possible support to its customers. It also thanked its customers and partners for their understanding and flexibility in this situation.
Akira most likely perpetrator
Although Hitachi Vantara did not explicitly name the group responsible, BleepingComputer learned that the Akira group is behind the attack. Sources indicate that these hackers stole files from the company network and left ransom notes on infected systems.
It is reported that Hitachi Vantara’s cloud services were not affected by the attack, but that internal systems and production environments were hit. Customers using self-hosted environments can still access their data as normal. However, the company’s support and external services are partially down.
Another source told BleepingComputer that several government projects have also been affected by this attack.
The Akira group emerged in March 2023 and quickly gained notoriety by claiming numerous victims worldwide in a variety of sectors. Since then, more than 300 organizations have been listed on their dark web leak platform, including prominent names such as Stanford University and Nissan in Oceania and Australia.
Millions paid in ransom
According to the FBI, Akira received approximately $42 million in ransom payments by April 2024. This was the proceeds from attacks on more than 250 organizations. Negotiations seen by BleepingComputer show that ransom demands vary between $200,000 and several million dollars, depending on the size of the affected organization.