All-new: RMM Ransomware Detection for MSPs

All-new: RMM Ransomware Detection for MSPs

By Adrian Luh

In case you missed it, last week, we unveiled a game-changing feature for managed service providers (MSPs) using Datto RMM: Datto RMM Ransomware Detection.

By 2021, ransomware attacks are anticipated to cause $20 billion in damage, which is 57 times higher than in 2015. During an attack, the ransom demanded is roughly $5,600, and what’s worse - the downtime after an attack can cost up to 50 times more than the ransom itself. RMM tools can play a crucial role in defending businesses against ransomware. Datto RMM Ransomware Detection works to protect small and medium businesses while adding value to the RMM service offering that Datto partners provide.

What is RMM Ransomware Detection?

Datto RMM Ransomware Detection complements other endpoint security applications such as antivirus packages to provide an extra layer of security and helps reduce the impact of a ransomware attack. It is a completely new behavioral-based engine, rather than a signature-based approach that compares files to a known database, that monitors for crypto-ransomware, and alerts MSPs when ransomware starts to encrypt files. This is different from ransomware detection which looks for the presence of ransomware in backups, which could be a significant amount of time after a ransomware attack occurs.

Once detected, Datto RMM attempts to stop the ransomware process and isolates the device from the network to prevent the ransomware from spreading to other devices. Native Ransomware Detection within Datto RMM enables MSPs to enhance their security posture and:

  • Monitor for ransomware at scale. Datto RMM’s powerful policy-driven approach allows you to quickly and consistently configure RMM Ransomware detection to monitor all your windows devices for ransomware.
  • Prevent the spread of ransomware. Once ransomware is detected, Datto RMM will automatically notify technicians the moment files start being encrypted by ransomware rather than waiting for a user to report the issue. RMM Ransomware Detection can automatically attempt to terminate the ransomware process and isolate the affected device from the network to reduce the impact of ransomware on the client.
  • Reduce time to remediation. Infected devices automatically isolated from the network still maintain contact with Datto RMM, providing contextual information enabling technicians to respond faster and take effective action, including recovering to a previous state with integrated Datto Continuity devices.

Datto’s RMM Ransomware Detection uses similar technology that has been in production on Datto Workplace for over a year and was successfully field-tested with a group of Datto RMM partners. In addition, the RMM Ransomware Detection engine was tested and validated by a world-leading, independent IT security testing firm which found it to have reliable detection rates and no false positives.


To learn more about how Datto RMM can help reduce the impact of a ransomware attack, and how you can receive RMM Ransomware Detection on your endpoints for free through March 2021, schedule a free demo of Datto RMM today.

Reduce the impact of crypto-ransomware with RMM Ransomware Detection

Datto RMM Product Manager, demonstrates how RMM Ransomware Detection monitors for the presence of ransomware in real time, attempts to terminate the ransomware process, and isolates infected devices from the network to prevent further spread

Read More

Suggested Next Reads

Subscribe to the Blog