Do Son 
Hitachi Vantara's website under maintenance (BleepingComputer)
A major ransomware incident has struck the infrastructure of Hitachi Vantara, a subsidiary of the Japanese conglomerate Hitachi. In an effort to contain the attack’s impact, the company was forced to manually shut down part of its servers over the past weekend.
Hitachi Vantara provides cloud infrastructure management, data storage, and ransomware recovery services to government agencies and major international brands, including BMW, Telefónica, T-Mobile, and China Telecom. Ironically, the company now finds itself among the very victims it is tasked with protecting.
The incident occurred on April 26, 2025. Representatives of Hitachi Vantara confirmed the attack, stating that incident response protocols were immediately activated following the detection of suspicious activity. External cybersecurity experts have been engaged to assist with the investigation. As part of the containment measures, company servers were manually taken offline.
Although the perpetrators were not officially named, informed sources suggest that the Akira ransomware group is behind the attack. The hackers not only disabled parts of Hitachi Vantara’s systems but also exfiltrated files from the company’s internal infrastructure. Compromised devices were found bearing the group’s characteristic ransom notes.
It is known that the company’s cloud services remained unaffected; however, disruptions were reported within the Hitachi Vantara Manufacturing division and certain internal systems. Remote support services were also impacted. Despite the incident, clients utilizing locally deployed solutions continue to access their data without interruption.
According to a secondary source, projects involving government clients may have been affected, though specific details have not yet been disclosed.
The Akira group first emerged in March 2023 and quickly gained notoriety for its widespread attacks across diverse sectors. According to the FBI, by April 2024, Akira had compromised more than 250 organizations and collected approximately $42 million in ransom payments. Previous high-profile victims include Stanford University and Nissan operations in Australia and Oceania.
The ransom amounts demanded by the group vary according to the size of the target, ranging from $200,000 to several million dollars. In addition to encrypting data, Akira is infamous for employing double extortion tactics—threatening to publish stolen data on the dark web if victims refuse to cooperate.
At present, efforts to restore Hitachi Vantara’s infrastructure are ongoing. The company emphasizes that it remains in close communication with clients and is doing everything possible to safely bring its systems back online. Although the situation is under the supervision of cybersecurity specialists, the consequences may prove to be long-lasting, given the nature of the affected assets and the scale of the company’s operations.
