On April 26, 2025, Hitachi Vantara, the Santa Clara, California-based data infrastructure subsidiary of Japan's Hitachi Ltd., suffered a ransomware attack linked to the Akira threat group. In response, the company shut down key servers and internal systems to contain the breach, affecting manufacturing operations and support capabilities. Though Hitachi Vantara's cloud services remain online, internal disruptions are ongoing as cybersecurity experts work to assess the damage and restore affected infrastructure.
The Akira ransomware group, active since March 2023, has targeted over 300 organizations worldwide using double extortion tactics—encrypting data while also stealing and threatening to publish it. Sources confirmed Akira deployed ransom notes on Hitachi Vantara’s systems and exfiltrated sensitive files. The attack also impacted projects involving U.S. government clients. The FBI previously reported Akira has extracted over $42 million from its victims, with demands ranging from $200,000 to several million dollars, depending on the size and profile of the targeted entity.
