Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis named a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Read the report

Is a ransomware attack a data breach?

1 min read
Last updated Oct 14, 2022


    Ransomware is a loss of control

    Most IT people equate exfiltration of data from their network as the point at which control is lost and a data breach has occurred. They think of it like “where are the bits” and if your user database is being passed around the internet via bittorrent and sold off for a .0001 BTC an account you clearly have lost control.

    What’s not so obvious is that ransomware (or any form of malware infection) represents a loss of control of the data within your network and that constitutes a data breach.

    The proper way to consider it is if a malicious person wandered into your office, walked past the receptionist and security guard, got on the elevator down to the basement, unlocked the door to the server room, logged into your main file server with some stolen admin credentials, encrypted 10,000 random files that your users rely upon for their work and then walked out.

    If someone were to perpetrate the above physical attack on your facility it would clearly represent a loss of data control. However, too many sysadmins wrongly consider a ransomware attack as purely internal and not a data breach.

    A good conceptual way to think about it as a breach of your control systems, not a breach of the network itself.

    Most of the per state data breach response guidelines clearly are modeled after HIPAA regulations which explicitly classify ransomware as a data breach:

    The presence of ransomware (or any malware) on a covered entity’s or business associate’s computer systems is a security incident under the HIPAA Security Rule. A security incident is defined as the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.


    A ransomware attack is a data breach and organizations should treat it as such.

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Twitter, Reddit, or Facebook.

    Free Data Risk Assessment

    Join 7,000+ organizations that traded data darkness for automated protection. Get started in minutes.