An Increasing Threat


It is anticipated that in 2021, ransomware attacks are going to cost in excess of $20 billion in damages. During which, if the estimates are correct, that’s a massive 57 times the amount caused in 2015. Furthermore, it takes on average 287 days to recover from a ransomware attack. That’s a long period of time, almost a year.


The amount of ransom demanded during an attack is about $5,600. But the effects of the attack can be felt in the hip pocket, many- many times over, due to business downtime. To clarify this point, it can cost a business 50 times more than the ransom alone.


So, we see ransomware attacks are an ever- increasing problem for businesses. But all this can be avoided or at least reduced as there are many tools available to help protect businesses from security threats and to reduce downtime.


For instance, remote monitoring and management (RMM) platforms have always played a vital role for managed service providers (MSPs). And are key to enabling us to protect our clients businesses by reducing downtime and security threats via real time monitoring and patching, to keep managed devices secure from known vulnerabilities.


Reduce the Risk of Ransomware


Helping us to remotely monitor, manage and support our clients is Datto RMM. It is a secure and fully featured cloud platform. And Datto RMM has these benefits:


  1. it now provides an extra layer of security with native RMM Ransomware Detection.
  2. monitors for the existence of crypto ransomware on endpoints, using behavioural analysis of files
  3. and alerts you when a device is infected.
  4. once detected, Datto RMM attempts to stop the ransomware process, and isolates the device to prevent the ransomware from spreading.



While RMM Ransomware Detection offers our clients these benefits:


Monitor for ransomware at scale The powerful policy-driven approach of Datto RMM allows us to easily monitor our clients targeted devices and specify what the monitor looks for, prior to creating an alert. For instance, priority of alerts, locations, & extensions.


Receive immediate notification when ransomware is detected. Datto RMM will automatically notify our technicians the moment files start being encrypted by ransomware, rather than waiting for a user to report the issue. After that, integrations with key MSP tools, like PSA, make certain the correct resources can be informed and we can generate tickets straight away.


Prevent the spread of ransomware through network isolation. Datto RMM will attempt to kill the ransomware process once it’s detected and can automatically isolate the compromised device from the network.


Remediate issues remotely. The devices that are now automatically isolated from the network still maintain in contact with Datto RMM. As a result, of being able to maintain contact with Datto RMM, work still be carried out by the technicians to resolve the issue.


Recover with Datto Continuity products.  In addition, technicians can quickly recover from the ransomware outbreak by restoring the impacted endpoint to a previous state. This can only happen when Datto RMM is integrated with Datto business continuity and disaster recovery (BCDR) products.


Datto RMM Ransomware Detection Requirements:


• An active Datto RMM subscription or trial


• Must be Managed devices (and not On Demand)


• Users will require the relevant permissions to add this monitor to a device or as part of a policy


• Use of the new Datto RMM UI


• Supported devices: currently supported Windows OS devices


Please visit to learn more about Datto RMM at


If you’d like to learn more about our Ransomware protection, please contact us

Want insights like this in your mailbox? Join our monthly mailing list

How can we make your business better with IT?