Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was pressured to take servers offline over the weekend to comprise an Akira ransomware assault.
The corporate offers information storage, infrastructure methods, cloud administration, and ransomware restoration companies to authorities entities and a number of the world’s greatest manufacturers, together with BMW, Telefónica, T-Cell, and China Telecom.
In a press release shared with BleepingComputer, Hitachi Vantara confirmed the ransomware assault, saying it employed exterior cybersecurity specialists to research the incident’s impression and is now engaged on getting all affected methods on-line.
“On April 26, 2025, Hitachi Vantara skilled a ransomware incident that has resulted in a disruption to a few of our methods,” Hitachi Vantara informed BleepingComputer.
“Upon detecting suspicious exercise, we instantly launched our incident response protocols and engaged third-party material specialists to assist our investigation and remediation course of. Moreover, we proactively took our servers offline to be able to comprise the incident.
“We’re working as shortly as potential with our third-party material specialists to remediate this incident, proceed to assist our prospects, and produce our methods again on-line in a safe method. We thank our prospects and companions for his or her persistence and suppleness throughout this time.”
Whereas the corporate did not hyperlink the assault to a particular risk group, BleepingComputer has realized that the Akira ransomware operation is behind the breach. A supply conversant in the matter additionally stated the ransomware gang stole information from Hitachi Vantara’s community and dropped ransom notes on compromised methods.
BleepingComputer was additionally informed that whereas the corporate’s cloud companies should not impacted, Hitachi Vantara methods and Hitachi Vantara Manufacturing had been disrupted as a part of the containment effort. Moreover, whereas Hitachi Vantara’s distant and assist operations are down, prospects with self-hosted environments can nonetheless entry their information as common.
A second supply informed BleepingComputer that the assault has additionally affected a number of initiatives owned by authorities entities.
Akira surfaced in March 2023 and shortly gained notoriety after claiming many victims worldwide throughout numerous industries. Since then, Akira has added over 300 organizations to its darkish internet leak web site and claimed a number of high-profile victims, together with Stanford College and Nissan (Oceania and Australia).
Based on the FBI, Akira ransomware collected roughly $42 million in ransom funds till April 2024 after breaching over 250 organizations.
Primarily based on negotiation chats seen by BleepingComputer, the gang’s ransom calls for vary from $200,000 to hundreds of thousands of {dollars}, relying on the compromised group’s measurement.
