Hitachi Vantara has suffered a ransomware attack and service outage, taking its main datacenter offline.
A cybersecurity incident update statement says: “On April 26, 2025, Hitachi Vantara experienced a ransomware incident that has resulted in a disruption to some of our systems” and to Hitachi Vantara Manufacturing.
The company took its servers offline in order to contain the incident and “engaged third-party subject matter experts to support our investigation and remediation process.” It is “working as quickly as possible with our third-party subject matter experts to remediate this incident, continue to support our customers, and bring our systems back online in a secure manner.”
The offline systems “will remain offline until we have validated it is safe to restore them and additionally, we have restricted inbound and outbound traffic to our main data center.” The company is: “currently unable to monitor our Hitachi Vantara storage array environments, and Hitachi Remote Ops and Support Connect are currently inaccessible.”
A Bleeping Computer report claims the Akira ransomware operation is behind the breach.
Akira-based attacks are one of the five most reported ransomware incidents, along with LockBit, RansomHub, Fog, and PLAY. Attackers typically gain network entry via phishing approaches and can then both exfiltrate and encrypt files. Cybersecurity Ventures estimates ransomware attacks will cost affected organizations $57 billion in 2025.
Hitachi offers a 100 percent data availability guarantee for its VSP One storage product line. It also says it provides the world’s fastest recovery, claiming that: “With the near-instant, automated, and predictable recovery solution pioneered by Hitachi and VM2020, businesses can recover thousands of VMs from immutable snapshots in hours – not days or weeks – and get production fully up and running as timely as business demands.”
The current attack has been ongoing for five days and Hitachi Vantara’s systems are still offline, possibly to contain the problem.
Hitachi Vantara’s recovery and remediation efforts with its third party experts are in their early stages. It said it does not yet know what information, sensitive or otherwise is affected, and will tell customers once it does know.
Hitachi’s statement adds: “Customers that are self-hosted can continue to access their data as normal. Importantly, we are able to accept support cases that are manually created and sent in via phone or email. However, we are currently unable to monitor our Hitachi Vantara storage array environments, and Hitachi Remote Ops and Support Connect are currently inaccessible.”
Support Connect is for Hitachi V partners. If they need to open a support case, they should “send an email to partner.support@hitachivantara.com.”
Bootnote
Bleeping Computer reports that “Commvault … says a nation-state threat actor who breached its Azure environment didn’t gain access to customer backup data.”