All-new: RMM Ransomware Detection for MSPs

December 15, 2020

All-new: RMM Ransomware Detection for MSPs

By Adrian Luh

In case you missed it, last week, we unveiled a game-changing feature for managed service providers (MSPs) using Datto RMM: Datto RMM Ransomware Detection.

By 2021, ransomware attacks are anticipated to cause £15 billion in damage, which is 57 times higher than in 2015. During an attack, the ransom demanded is roughly $5,600*, and what’s worse - the downtime after an attack can cost up to 50 times more than the ransom itself. RMM tools can play a crucial role in defending businesses against ransomware. Datto RMM Ransomware Detection works to protect small and medium businesses while adding value to the RMM service offering that Datto partners provide.

What is RMM Ransomware Detection?

Datto RMM Ransomware Detection complements other endpoint security applications such as antivirus packages to provide an extra layer of security and helps reduce the impact of a ransomware attack. It is a completely new behavioural-based engine, rather than a signature-based approach that compares files to a known database, that monitors for crypto-ransomware, and alerts MSPs when ransomware starts to encrypt files. This is different from ransomware detection which looks for the presence of ransomware in backups, which could be a significant amount of time after a ransomware attack occurs.

Once detected, Datto RMM attempts to stop the ransomware process and isolates the device from the network to prevent the ransomware from spreading to other devices. Native Ransomware Detection within Datto RMM enables MSPs to enhance their security posture and:

  • Monitor for ransomware at scale. Datto RMM’s powerful policy-driven approach allows you to quickly and consistently configure RMM Ransomware detection to monitor all your windows devices for ransomware.
  • Prevent the spread of ransomware. Once ransomware is detected, Datto RMM will automatically notify technicians the moment files start being encrypted by ransomware rather than waiting for a user to report the issue. RMM Ransomware Detection can automatically attempt to terminate the ransomware process and isolate the affected device from the network to reduce the impact of ransomware on the client.
  • Reduce time to remediation. Infected devices automatically isolated from the network still maintain contact with Datto RMM, providing contextual information enabling technicians to respond faster and take effective action, including recovering to a previous state with integrated Datto Continuity devices.

Datto’s RMM Ransomware Detection uses similar technology that has been in production on Datto Workplace for over a year and was successfully field-tested with a group of Datto RMM partners. In addition, the RMM Ransomware Detection engine was tested and validated by a world-leading, independent IT security testing firm which found it to have reliable detection rates and no false positives.


To learn more about how Datto RMM can help reduce the impact of a ransomware attack, and how you can receive RMM Ransomware Detection on your endpoints for free through March 2021, schedule a free demo of Datto RMM today.

*All survey respondents answered in U.S. dollars.

Relevant Articles

Subscribe to the Blog