December 15, 2020

All-new: RMM Ransomware Detection for MSPs

By Adrian Luh

In case you missed it, last week, we unveiled a game-changing feature for managed service providers (MSPs) using Datto RMM: Datto RMM Ransomware Detection.

By 2021, ransomware attacks are anticipated to cause $20 billion in damage, which is 57 times higher than in 2015. During an attack, the ransom demanded is roughly $5,600, and what’s worse – the downtime after an attack can cost up to 50 times more than the ransom itself. RMM tools can play a crucial role in defending businesses against ransomware. Datto RMM Ransomware Detection works to protect small and medium businesses while adding value to the RMM service offering that Datto partners provide.

What is RMM Ransomware Detection?

Datto RMM Ransomware Detection complements other endpoint security applications, such as antivirus packages, to provide an extra layer of security and help reduce the impact of a ransomware attack. It is a completely new behavior-based engine that monitors for crypto-ransomware and alerts MSPs when ransomware starts to encrypt files, rather than a signature-based approach that compares files to a known database. This is different from ransomware detection that looks for the presence of ransomware in backups, which could be a significant amount of time after a ransomware attack occurs.

Once detected, Datto RMM attempts to stop the ransomware process and isolates the device from the network to prevent the ransomware from spreading to other devices. Native Ransomware Detection within Datto RMM enables MSPs to enhance their security posture and:

  • Monitor for ransomware at scale. Datto RMM’s powerful policy-driven approach allows you to quickly and consistently configure RMM Ransomware Detection to monitor all your Windows devices for ransomware.
  • Prevent the spread of ransomware. Once ransomware is detected, Datto RMM will automatically notify technicians the moment files start being encrypted by ransomware rather than waiting for a user to report the issue. RMM Ransomware Detection can automatically attempt to terminate the ransomware process and isolate the affected device from the network to reduce the impact of ransomware on the client.
  • Reduce time to remediation. Infected devices automatically isolated from the network still maintain contact with Datto RMM, providing contextual information enabling technicians to respond faster and take effective action, including recovering to a previous state with integrated Datto Continuity devices.

Datto’s RMM Ransomware Detection uses technology similar to that which has been in production on Datto Workplace for over a year, and it was successfully field-tested with a group of Datto RMM partners. In addition, the RMM Ransomware Detection engine was tested and validated by a world-leading, independent IT security testing firm, which found it to have reliable detection rates and no false positives.


To learn more about how Datto RMM can help reduce the impact of a ransomware attack, and how you can receive RMM Ransomware Detection on your endpoints for free through March 2021, schedule a free demo of Datto RMM today.

Tried and Tested by MRG Effitas

In addition, prior to its release, Datto commissioned MRG Effitas, a world-leading, independent IT security efficacy testing and assurance company trusted by anti-malware vendors across the world, to evaluate RMM Ransomware Detection and compare it to leading AV tools offering similar capabilities.

Tests performed by MRG Effitas include In-the-Wild Real Ransomware tests, False Positive Tests, Ransomware Simulator Tests, and a Performance Test. After weeks of rigorous testing of Datto RMM’s native Ransomware Detection, MRG Effitas provided us with the following results:

  • In-the-Wild Real Ransomware Test: 100% of live, in-the-wild ransomware samples from recent campaigns were detected by Datto RMM Ransomware Detection.
  • False Positive Test: Allowed 100% of the benign mass-modification processes tested, which resemble ransomware activity, to run, and experienced no false blocks in the False Positive Test.
  • Ransomware Simulator Test: Detected and blocked 100% of in-house samples containing valid attack methods used by ransomware implementing traditional encryption methods and common evasion techniques.
  • Performance Test: Impacted performance of managed workstations minimally (bootup time, browser operations, etc.), and had the lowest performance impact of the products it was tested against.

To learn more about how Datto RMM Ransomware Detection can help you protect client endpoints by adding another layer of security to traditional AV products to reduce the impact of crypto-ransomware, chat with a product specialist today.
