The company that decided the smartest thing to do about ransomware is to assume it already won - and plan the comeback.
Above: the red "r" that quietly sits in a few thousand enterprise data centers, hoping you never have to think about it.
It is 3 a.m. somewhere, and a hospital's screens have gone dark. The files are encrypted. A ransom note blinks. Somewhere in that same building, a quiet piece of software made by a company called Rubrik is already doing the only thing that matters now: bringing the data back.
This is the world Rubrik lives in. Not the glamorous front line of firewalls and threat intelligence, but the messy aftermath - the hours after the breach when an organization discovers whether it has a business left to run. Rubrik sells the boring-sounding promise that, yes, you will. Backup and recovery, dressed up as a security product, and selling extraordinarily well.
Headquartered in Palo Alto, public on the New York Stock Exchange since 2024, and sitting on $1.46 billion in subscription ARR as of early 2026, Rubrik has spent a decade arguing one stubborn point: that preventing attacks is necessary, but recovering from them is what actually keeps the lights on. The market, eventually, agreed.
For years, cybersecurity was an arms race at the perimeter. Better firewalls. Smarter endpoint detection. Taller walls. The logic was tidy: keep the attackers out, and you keep your data safe. The logic was also, increasingly, wrong.
Attackers stopped trying to break the walls and started walking through the doors with stolen credentials. And once inside, they went straight for the one thing every organization quietly depends on and rarely protects properly - the backups. Encrypt the live systems, corrupt the backups, and a company has no fallback. That is the moment ransomware stops being an IT problem and becomes an existential one.
Rubrik's founders looked at this and saw a category that hadn't been invented yet: not backup, not security, but the unglamorous overlap where the two meet. Data resilience. The assumption baked into everything: you will be breached. The only question is how fast you stand back up.
In 2014, Bipul Sinha was a partner at Lightspeed Venture Partners - the comfortable side of the table, writing checks rather than cashing them. Then he did the unusual thing and left to start the company himself. The pitch he reportedly sketched out was less a product than a conviction: data was about to sprawl across clouds faster than anyone could secure it, and someone needed to make it recoverable by default.
He didn't build it alone. The founding team read like a who's-who of infrastructure engineering: Arvind Nithrakashyap (CTO), who had built real-time ad infrastructure at Microsoft and storage systems at VMware; Soham Mazumdar (Chief Architect), a veteran of Google and Facebook data-center work; and Arvind Jain, a Distinguished Engineer out of Google. Four people who had spent careers learning how data actually breaks at scale, betting they could make it un-break.
Co-founder & CEO. Former Lightspeed partner who left venture capital to found the company he wished he could invest in.
Co-founder & CTO. Built distributed storage and database systems at VMware and ad infrastructure at Microsoft.
Co-founder & Chief Architect. Data-center engineering veteran of Google and Facebook.
Co-founder. Distinguished Engineer at Google with over a decade in infrastructure.
The name "Rubrik" comes from rubrica - the red headings monks once used to mark the passages that mattered most. A backup company named after the art of not losing the important parts. On the nose, and they know it.
At the center sits Rubrik Security Cloud - a single platform protecting data wherever it lives: on-premises servers, the big three public clouds, and SaaS apps like Microsoft 365 and Salesforce. The defining trick is the immutable backup: a copy of your data that, by design, cannot be altered or deleted, even by an attacker who has stolen the keys to everything else. If the live systems fall, the clean copy is still standing.
Around that core, Rubrik has stacked the rest of the resilience toolkit: anomaly detection that flags the telltale fingerprints of ransomware, blast-radius analysis to show exactly what an attack touched, sensitive-data discovery, and orchestrated mass recovery to bring systems back in the right order. In 2023 it added Ruby, a generative-AI companion built on Azure OpenAI that walks a stressed security team through an incident step by step - without the data ever leaving Rubrik's environment.
The Zero Trust core - one unified platform for on-prem, cloud, and SaaS data.
Air-gapped copies attackers can't encrypt, delete, or tamper with.
Anomaly detection, blast-radius analysis, and orchestrated mass restore.
Generative-AI guide for detection and recovery - data stays in-platform.
Data Security Posture Management - find and classify sensitive data, cut risk.
Securely govern enterprise data for AI, integrated with Google Agentspace.
For a long stretch, "assume you'll be breached" was a contrarian sales pitch. Now it's a line item on a lot of balance sheets. Rubrik crossed $1 billion in subscription ARR and kept climbing to $1.46 billion by the end of FY2026, with total Q4 revenue up 46% year over year. Roughly 2,805 customers pay it at least $100,000 a year - the kind of spend that doesn't survive a tool people don't actually use.
Approximate, drawn from reported quarterly figures.
Source: Rubrik investor relations / quarterly results, FY2024-FY2026.
Behind the chart sits an ecosystem. Microsoft is both a strategic investor and the cloud under Ruby. Google Cloud hosts Rubrik Annapurna's secure-AI ambitions. AWS, CrowdStrike, and Zscaler round out the integrations. And Gartner has named Rubrik a Leader in backup and data protection six years running - the sort of repeat-recognition that's hard to fake.
Rubrik states its purpose plainly: to secure the world's data and help organizations achieve cyber resilience - the ability to recover their data, applications, and operations quickly after an attack. Strip away the category jargon and it's a simple human idea. The hospital should be able to treat patients. The bank should be able to move money. The breach should be a bad day, not a final one.
That mission is now bending toward AI. The same data Rubrik protects is the data enterprises want to feed into AI models - and that data is sensitive, sprawling, and easy to leak. The 2025 acquisition of Predibase and the Annapurna work with Google signal where the company thinks the next fight is: not just recovering data after an attack, but governing it safely as machines start to read and act on it.
Return to that hospital at 3 a.m. A decade ago, the dark screens were close to the end of the story - a scramble of tape backups, prayers, and lawyers. Today, in the buildings where Rubrik runs, the screens go dark and then, often within hours, they come back. The clean copy was untouchable. The recovery was rehearsed. The ransom note becomes a footnote in an incident report rather than the headline in a bankruptcy filing.
Rubrik didn't make cyberattacks go away. Nobody can. What it did was reframe what surviving one looks like - and built a billion-dollar business on the unglamorous conviction that the comeback matters as much as the defense. The walls will still get breached. The lights, increasingly, stay on.
Assume the breach. Plan the comeback.