Hitachi Vantara, the enterprise IT subsidiary of Japanese multinational Hitachi, confirmed it was hit by a ransomware attack over the weekend, prompting a shutdown of several systems to contain the damage. In a statement shared, Hitachi revealed that the incident occurred on April 26, 2025, and led to immediate activation of incident response protocols.
The company enlisted external cybersecurity experts to assist in investigating the breach and containing its spread. “We are working as quickly as possible with our third-party experts to remediate the incident, support our customers, and securely restore our systems,” Hitachi Vantara said, adding that they appreciate customers’ patience during the disruption.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
The attack primarily impacted Hitachi Vantara’s internal systems, with customer cloud services reportedly unaffected. However, disruption extended to remote operations and manufacturing systems, affecting some ongoing projects linked to government entities.
Akira Ransomware Group Behind the Attack
Although Hitachi Vantara did not publicly name the attackers, multiple sources confirmed that the Akira ransomware gang was responsible. The notorious ransomware group allegedly stole sensitive files and left ransom notes across compromised systems.
Akira, which first emerged in early 2023, has built a fearsome reputation by attacking over 300 organizations globally, including Stanford University and Nissan’s Oceania operations. According to the FBI, Akira collected around $42 million in ransom payments by April 2024.
It was reported that the ransomware group’s demands vary widely, ranging from $200,000 to millions of dollars depending on the victim’s size and the data compromised. While no ransom amount has been officially disclosed in Hitachi’s case, the nature of the breach suggests a significant extortion attempt.
Operational Impact and Ongoing Recovery Efforts
While Hitachi Vantara emphasized that customers using self-hosted environments could still access their data, the internal disruptions are considerable. The company’s official website is currently offline for maintenance, and many customer support and remote access services remain unavailable.
Sources indicate that while the attack did not affect cloud infrastructure directly, some government projects managed by Hitachi Vantara faced collateral impact due to the containment measures. The firm is now working with cybersecurity experts to assess the full extent of the breach, fortify defenses, and bring affected systems back online securely.
This incident highlights ongoing vulnerabilities in the IT services sector, especially as ransomware gangs like Akira continue to adapt and target high-value enterprises globally. Hitachi Vantara’s response and transparency in managing this cyberattack will be closely watched, particularly given its significant client base across critical industries such as automotive, telecom, and government services.