Hitachi Vantara takes servers offline after Akira ransomware attack

Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, has been forced to take servers offline to contain a ransomware attack by the Akira ransomware operation. 

The incident occurred on April 26, 2025 and resulted in significant disruption to some of the company's systems and services. Hitachi Vantara detected suspicious activity on their network and as a containment measure proactively took servers offline to prevent further spread of the infection. The company has engaged third-party cybersecurity experts to support their investigation and remediation process.

Cloud services remain unaffected but both Hitachi Vantara systems and Hitachi Vantara Manufacturing operations have been disrupted as part of the containment efforts. Remote and support operations are currently unavailable. Customers with self-hosted environments can still access their data normally.

The  number of affected systems, the full scope of the data theft and number of affected individuals has not been disclosed.

While Hitachi Vantara did not officially attribute the attack to any specific threat group in their statement, sources familiar with the matter confirmed to BleepingComputer that the Akira ransomware operation is responsible for the breach. The ransomware gang reportedly stole files from Hitachi Vantara's network and deployed ransom notes on compromised systems.

Hitachi Vantara has stated they are "working as quickly as possible with our third-party subject matter experts to remediate this incident, continue to support our customers, and bring our systems back online in a secure manner."