Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was pressured to take servers offline over the weekend to include an Akira ransomware assault.
The corporate supplies knowledge storage, infrastructure techniques, cloud administration, and ransomware restoration providers to authorities entities and a few of the world’s largest manufacturers, together with BMW, Telefónica, T-Cellular, and China Telecom.
In an announcement shared with BleepingComputer, Hitachi Vantara confirmed the ransomware assault, saying it employed exterior cybersecurity specialists to analyze the incident’s influence and is now engaged on getting all affected techniques on-line.
“On April 26, 2025, Hitachi Vantara skilled a ransomware incident that has resulted in a disruption to a few of our techniques,” Hitachi Vantara advised BleepingComputer.
“Upon detecting suspicious exercise, we instantly launched our incident response protocols and engaged third-party material specialists to help our investigation and remediation course of. Moreover, we proactively took our servers offline with the intention to include the incident.
“We’re working as shortly as potential with our third-party material specialists to remediate this incident, proceed to help our clients, and produce our techniques again on-line in a safe method. We thank our clients and companions for his or her persistence and suppleness throughout this time.”
Whereas the corporate did not hyperlink the assault to a particular risk group, BleepingComputer has discovered that the Akira ransomware operation is behind the breach. A supply conversant in the matter additionally stated the ransomware gang stole recordsdata from Hitachi Vantara’s community and dropped ransom notes on compromised techniques.
BleepingComputer was additionally advised that whereas the corporate’s cloud providers should not impacted, Hitachi Vantara techniques and Hitachi Vantara Manufacturing had been disrupted as a part of the containment effort. Moreover, whereas Hitachi Vantara’s distant and help operations are down, clients with self-hosted environments can nonetheless entry their knowledge as traditional.
A second supply advised BleepingComputer that the assault has additionally affected a number of tasks owned by authorities entities.
Akira surfaced in March 2023 and shortly gained notoriety after claiming many victims worldwide throughout varied industries. Since then, Akira has added over 300 organizations to its darkish internet leak web site and claimed a number of high-profile victims, together with Stanford College and Nissan (Oceania and Australia).
In accordance with the FBI, Akira ransomware collected roughly $42 million in ransom funds till April 2024 after breaching over 250 organizations.
Primarily based on negotiation chats seen by BleepingComputer, the gang’s ransom calls for vary from $200,000 to tens of millions of {dollars}, relying on the compromised group’s dimension.
