February 10, 2021

Improve Business Security with Ransomware Detection

By David Weiss

What is ransomware detection?

Ransomware is a type of malware that encrypts files and folders and demands payments from victims to decrypt them. Ransomware detection is a component of backup systems that can reduce the impact of an attack. By detecting an attack early, systems can be quickly isolated and recovered to prevent paying the attacker a ransom for decryption.

How to take a proactive security position with ransomware prevention

Managed Service Providers (MSPs) face an increasing battle to keep their clients safe from ransomware. 70% of MSPs report that ransomware is the most common malware threat to small and medium-sized businesses (SMBs).

While the average ransom might seem relatively small at just $5,600, the downtime costs are devastating. The total downtime cost from an attack can be 50X greater than the ransom itself. Despite MSPs helping to educate clients and deploying the latest security solutions, sometimes ransomware still finds a way into systems. Solutions such as antivirus, email filtering, and ensuring that systems are patched certainly help, but the threat still remains.

If a system does get breached, it’s vital to be able to recover quickly. 91% of MSPs report that clients with a business continuity and disaster recovery (BCDR) solution are able to significantly reduce downtime.

With Datto, MSPs can reduce downtime even further with our Ransomware Detection feature. Ransomware detection can alert managed service providers to take proactive steps that will minimize the ransomware impact.

Ransomware detection is one part of our systems’ powerful capabilities for enhancing security and recovery times for MSP clients. Datto RMM provides ransomware detection for MSPs, demonstrating our relentless focus on security.

Stay ahead with ransomware detection protection

Datto remote monitoring and management (RMM) enables MSPs to remotely monitor, manage and support every endpoint under contract.

Datto RMM now provides an extra layer of security with native ransomware detection. It enables MSPs to detect ransomware on endpoints using behavioral analysis of files. If ransomware is detected, Datto RMM automatically sends alerts, allowing MSPs to take proactive steps.

Upon detection, Datto RMM can notify the MSP immediately, attempt to terminate the ransomware process, and isolate the infected device to prevent the ransomware from spreading. This reduces downtime and saves MSPs from having to wait for clients to flag possible infections. Ransomware detection within Datto RMM offers MSPs the ability to monitor ransomware at scale.


RMM Ransomware Detection offers MSPs these benefits:

  • Monitor for ransomware at scale. Datto RMM’s powerful policy-driven approach allows you to easily monitor targeted devices. It also enables you to specify what the monitor looks for prior to creating an alert (e.g. locations, extensions, priority of alerts).
  • Receive immediate notification when ransomware is detected. Instead of waiting for a user to report the issue, Datto RMM will automatically notify technicians the moment files start being encrypted by ransomware. Additionally, integrations with key MSP tools, such as Datto Autotask PSA, ensure the right support resources can be notified and tickets created immediately.
  • Prevent the spread of ransomware through network isolation. Once ransomware is detected, Datto RMM can automatically attempt to terminate the ransomware process and isolate the affected device from the network.
  • Remediate issues remotely. Devices automatically isolated from the network still maintain contact with Datto RMM, allowing technicians to take effective action to resolve the issue.

With Datto RMM’s ransomware notifications, network isolation and rapid recovery through Datto Continuity, you’ll be able to withstand a ransomware attack.


Benefits of Datto RMM Ransomware Detection

Datto is relentlessly focused on security, with solutions that keep MSPs ahead of ransomware. With ransomware detection, MSPs can be alerted before ransomware does significant damage to a client’s business, enabling a faster response, preventing data loss and minimizing downtime.

Datto RMM ransomware detection features include:

  • Proactively identify crypto-ransomware threats before they do significant damage
  • Monitor for ransomware at scale and attempt to terminate the ransomware process and isolate the infected device from the rest of the network to prevent spread
  • Integrates with Datto SIRIS for rapid recovery from attacks to a previous backup

On top of the technology, Datto prides itself on being 100% channel-only, delivering a true partnership with MSPs. That’s why all of our technology is backed by Datto’s renowned 24x7x365 direct-to-tech support.

How to get started with Datto RMM Ransomware Detection

Hold ransomware in check with Datto solutions. Detect ransomware early, enhance security, prevent data loss, and keep client downtime to a minimum.

Get in touch with Datto today to learn more about our ransomware protection solutions for MSPs.


How to recover from ransomware with Datto BCDR

Datto SIRIS is an all-in-one disaster recovery solution built for MSPs to prevent data loss and minimize downtime for clients.

With Datto SIRIS, you have the ability to perform frequent granular snapshots of your clients’ data. Snapshots are possible for both physical servers and virtual machines (VM). This enables MSPs to recover at the recovery point of their choosing to reduce any data lost between backups.

Lastly, you can restore at the file level, not just the system level. This allows you to recover specific files that may have been corrupted by ransomware.

If ransomware strikes, SIRIS is able to perform an instant recovery by creating a virtualized copy of the server or VM. This enables end-user clients to carry on working. Additionally, it provides you time to locate the source of the attack before recovering the server back to full working order.

With Datto, you have two lines of defense. The first is the immutable Datto Cloud, which protects backups from deletion or corruption. The second is that SIRIS scans all backups for ransomware, giving you full confidence that you’re able to recover at any time.

SIRIS has no tiers or hidden costs for recovery, virtualization or data retention. All costs are established from Day One to protect both your data and your bottom line.
