Hitachi Vantara has suffered a ransomware attack and service outage, taking its main datacenter offline.
A cybersecurity incident update statement says: “On April 26, 2025, Hitachi Vantara experienced a ransomware incident that has resulted in a disruption to some of our systems” and to Hitachi Vantara Manufacturing.
The company took its servers offline in order to contain the incident and “engaged third-party subject matter experts to support our investigation and remediation process.” It is “working as quickly as possible with our third-party subject matter experts to remediate this incident, continue to support our customers, and bring our systems back online in a secure manner.”
The offline systems “will remain offline until we have validated it is safe to restore them and additionally, we have restricted inbound and outbound traffic to our main data center.” The company is: “currently unable to monitor our Hitachi Vantara storage array environments, and Hitachi Remote Ops and Support Connect are currently inaccessible.”
A Bleeping Computer report claims the Akira ransomware operation is behind the breach.
Akira-based attacks are one of the five most reported ransomware incidents, along with LockBit, RansomHub, Fog, and PLAY. Attackers typically gain network entry via phishing approaches and can then both exfiltrate and encrypt files. Cybersecurity Ventures estimates ransomware attacks will cost affected organizations $57 billion in 2025.
Hitachi offers a 100 percent data availability guarantee for its VSP One storage product line. It also says it provides the world’s fastest recovery, claiming that: “With the near-instant, automated, and predictable recovery solution pioneered by Hitachi and VM2020, businesses can recover thousands of VMs from immutable snapshots in hours – not days or weeks – and get production fully up and running as timely as business demands.”
The current attack has been ongoing for five days and Hitachi Vantara’s systems are still offline, possibly to contain the problem.
Hitachi Vantara’s recovery and remediation efforts with its third party experts are in their early stages. It said it does not yet know what information, sensitive or otherwise is affected, and will tell customers once it does know.
Hitachi’s statement adds: “Customers that are self-hosted can continue to access their data as normal. Importantly, we are able to accept support cases that are manually created and sent in via phone or email. However, we are currently unable to monitor our Hitachi Vantara storage array environments, and Hitachi Remote Ops and Support Connect are currently inaccessible.”
We asked Hitachi Vantara some questions about the attack:
Blocks & Files: Has the company anything further to say about the attack and its progress in recovering from it?
Hitachi Vantara: “To expedite bringing our systems back online in a secure manner and return to business as usual, our team has retained external advisors who specialize in recovery from these types of cyber incidents. At this time, we do not have any evidence of lateral movement to our customers’ environments, and we have no reason to believe that it occurred. We have not detected any threat actor activity since April 27, and we have heightened monitoring of our systems.”
Blocks & Files: Could you say, how the attackers evaded or side-stepped Hitachi Vantara’s formidable defenses against data corruption, for example, with VSP One and its cyber resilience guarantee…
Hitachi Vantara: “We continue to investigate the root cause of this incident with the support of third-party subject matter experts.”
Blocks & Files: Might I assume that the malware corrupted data in this attack was not stored on a VSP One system?
Hitachi Vantara: “While the investigation is ongoing, to date, there is no evidence to suggest a VSP One system was impacted by this incident.”
Blocks & Files: What advice would Hitachi Vantara give to its customers about forestalling such vile ransomware attacks?
Hitachi Vantara: “It would be premature to comment at this stage, given the investigation is ongoing and evolving, which is customary in these types of matters. These processes take time to complete in order to provide an accurate and full picture.”
Just to be clear, this is a vile attack on Hitachi Vantara’s systems, and the company is reacting and responding decisively and well to the malware introduced into its systems by dreadful people.
****
Support Connect is for Hitachi V partners. If they need to open a support case, they should “send an email to partner.support@hitachivantara.com.”
Bootnote
Bleeping Computer reports that “Commvault … says a nation-state threat actor who breached its Azure environment didn’t gain access to customer backup data.”
