Ransomware has become an everyday threat that no business can afford to ignore. What used to be the domain of skilled cyber criminals is now a multibillion-dollar industry accessible to anyone with a Wi-Fi connection. Open-source ransomware kits and Ransomware-as-a-Service (RaaS) models have lowered the barrier to entry, making it easier than ever to launch attacks. Cybersecurity Ventures predicts that ransomware will cost its victims around $265 billion annually by 2031, with a new attack occurring every two seconds.
As the threat accelerates, small and midsized businesses (SMBs) that threat actors once overlooked have become prime targets. SMBs often lack the layered defenses or vast resources of larger enterprises, making it easier for attackers to compromise them. For managed service providers (MSPs), this presents both a pressing challenge and a strategic opportunity. According to the State of the MSP Industry 2025 Look Ahead report , 44% of SMBs cite rising cyber-risk concerns as a key reason for working with an MSP. However, to meet rising client expectations and build long-term trust, MSPs need a reliable backup and disaster recovery solution that can effectively defend against ransomware and other cyber threats.
That’s where Datto BCDR can save the day. Purpose-built for MSPs, this comprehensive business continuity and disaster recovery (BCDR) platform enables MSPs to help their clients quickly recover from ransomware attacks and continue business as usual. In this article, we’ll discuss the evolving nature of ransomware and how Datto BCDR is becoming a game changer for MSPs in their battle against ransomware.
Meanwhile, do you want to know the latest trends, challenges and growth opportunities shaping the MSP world? Datto surveyed over 1,000 MSPs worldwide to create the State of the MSP Industry 2025 Look Ahead report — an essential read for every IT provider looking to stay ahead. Download it now.
How ransomware is scaling faster than most businesses can handle
The year 2024 marked a turning point in the operations of ransomware groups, bringing a new level of reach, organization and aggressiveness. According to the Q4 Travelers’ Cyber Threat Report , 55 new ransomware groups emerged in 2024 alone, reflecting a 67% increase compared to the previous year. That growth isn’t just on paper, though. Ransomware leak site activity also hit a record high, with 1,663 victim data leaks posted in Q4 alone.
Alongside this surge in volume, ransomware techniques are evolving to become more deceptive, efficient and dangerous. Threat actors are no longer just breaking in — they’re blending in. One of the most alarming developments is the misuse of legitimate tools and software. Remote monitoring and management (RMM) platforms and remote access tools, often used by IT professionals to support clients, are now being exploited to launch ransomware campaigns. In one notable case, Microsoft revealed that attackers misused its Quick Assist remote assistance tool to deploy the Black Basta ransomware strain.
As ransomware becomes a daily reality, so do its consequences. The operational, financial and reputational fallout from such an attack can be devastating, especially for SMBs. For many, surviving it can be nearly impossible.
Why traditional backups are no longer enough
Unfortunately, traditional backup strategies are failing dangerously in the face of modern ransomware. These legacy approaches were designed for a different era, one where accidental deletions and hardware failures were the primary concerns. However, ransomware is a beast of its own and necessitates a more comprehensive strategy.
Let’s look at some reasons why traditional backups are falling short.
On-site vulnerability : Threat actors often target backups first, knowing they’re the last line of defense. Traditional setups that store backups on the same network or on-premises systems leave them just as exposed as primary data. Once ransomware breaches the network, both production data and backups can be encrypted or deleted, forcing businesses to consider paying the ransom.Irregular backup frequency : Most traditional systems run backups once daily or during off-peak hours, leaving hours of unprotected data at risk. In a ransomware attack, that gap can translate into lost productivity, missed opportunities and revenue that can’t be recovered.Slow recovery times : Even if the data is backed up, getting it restored quickly is another story. Traditional recovery processes can take hours — or worse, days — to fully restore systems and data.
How MSPs can guarantee fast recovery for their clients
When ransomware hits, recovery speed can make the difference between a minor disruption and a full-scale crisis. MSPs who want to keep their clients protected and operational need to go beyond basic backup and adopt a comprehensive business continuity approach.
Keep these strategies in mind for quick and effective recovery:
1) Frequent backups minimize data loss
The shorter the recovery point objective (RPO), the less data a business stands to lose during an attack. Frequent backups ensure that data is captured regularly. In a ransomware event, this means clients can restore with minimal data loss — and not scramble to rebuild hours or even days of missing work.
2) Backup immutability keeps data secure
To effectively defend against ransomware, backups must be protected from tampering. MSPs should focus on two key areas:
First, backups should be separated from the production environment. For example, in a Windows-based IT setup, using a Linux-based backup appliance helps avoid attacks that exploit Windows-specific vulnerabilities, adding a critical layer of protection.
Second, backups must be stored off-site, off-network and in secure cloud environments. This isolation ensures attackers can’t access or encrypt backup data, even if they breach the local network. Cloud-based, immutable storage makes it virtually impossible for attackers to modify or delete recovery points, giving MSPs a clean, untouchable copy to rely on when it matters most.
Figure 1. Backup Storage
3) Virtualization enables fast recovery
While having backups is essential, recovery speed is equally critical. To keep the recovery time objective (RTO) as low as possible during an attack, MSPs should be able to spin up the client’s infrastructure:
Locally, using on-site backup devices to quickly restore operations on the premises.
In the cloud, leveraging remote infrastructure if local systems are compromised or inaccessible.
In a hybrid model, where some systems are virtualized locally while others are restored via the cloud, depending on performance needs and recovery priorities.
2) Regular testing builds real confidence
Backups are only as good as their ability to restore. To ensure true recoverability, MSPs must actively verify and test their backups and restores.
Backup verification confirms that recovery points are complete, usable and bootable. This helps MSPs catch issues early before they turn into failed recoveries. Disaster recovery (DR) testing goes a step further, validating that systems can be restored in the correct order and that dependencies between machines, applications and services are met. It ensures the recovery process is aligned with real-world needs.
How Datto BCDR delivers ultimate ransomware defense
When it comes to protecting clients from ransomware and ensuring fast, reliable recovery, Datto BCDR sets the benchmark. Purpose-built for MSPs, Datto BCDR combines hardened, Linux-based backup appliances with immutable cloud storage and layers in powerful capabilities like built-in ransomware detection and automated backup verification. It’s a comprehensive solution that enables MSPs to restore business operations with speed and confidence.
Back up as often as every five minutes : With Datto BCDR, MSPs can schedule backups as often as every five minutes, enabling extremely short RPOs. This ensures that in the event of an attack, only minutes of data are at risk, not hours or days.Speedy recovery with Inverse Chain Technology™ : Traditional incremental backups are vulnerable by design. If one link in the chain is corrupted, the entire recovery process can fail. Datto’s Inverse Chain Technology™ eliminates this risk by enabling each recovery point to be independent and fully constructed. This significantly improves recovery reliability and speed, helping MSPs meet tight RTOs even in high-pressure ransomware scenarios.Local and cloud virtualization for seamless continuity : Datto BCDR makes it possible to recover systems instantly, whether on-site or in the cloud. MSPs can boot backup images directly from the local appliance to maintain operations during an outage. If on-prem systems are compromised, recovery can shift to the Datto Cloud with seamless cloud-based virtualization.
Figure 2. Datto BCDR
Unmatched reliability : The Datto Cloud supports thousands of MSP partners across the globe, annually powering:
Over 230,000 file and system restores.
More than 105,000 instant virtualizations.
Average RTO? Less than six minutes, with more than 40% of virtualizations completed in under two minutes.
Testing and recovery readiness : Datto BCDR makes verification and disaster recovery testing simple and proactive with:
Automated screenshot verification that proves backups boot correctly.
Application-level verification that ensures key apps are ready to run after restoration.
1-Click DR and DR testing in the Datto Cloud so that MSPs can run full-scale disaster recovery simulations quickly and easily. Clone proven configurations from tested configurations for seamless recovery in a live DR event.
How MSPs beat ransomware with Datto
MSPs worldwide rely on Datto to rescue their clients from devastating ransomware attacks.
19 TB recovered, business saved: All in under two hours
When a ransomware attack shut down a large architectural firm, every second counted. “Every billable hour to them was worth $800,” says Jermaine Clark, VP of Operations at Techify . The breach came through a document printer, crippling access to over 19 TB of business-critical data. However, with Datto BCDR, Techify restored the firm’s operations in under two hours, ensuring the client was back in service and running for their clients.
“When you think about how you can utilize Datto BCDR, it is amazing” — Jermaine Clark
Rapid recovery without paying a dime: A hospitality success story
A 180-room luxury hotel faced a nightmare when ransomware locked up nine of ten servers and 30 workstations, freezing operations and putting guest trust at risk. Linda Kuppersmith, CEO at CMIT Solutions Stamford, turned to Datto’s instant virtualization, restoring critical systems locally and in the cloud.
“The client was skeptical that recovery could be achieved without paying the considerable ransom. We stated we were confident it would take nowhere near that time.” — Linda Kuppersmith (and she was proved right by Datto)
350 users, 44 servers, 6 states — 0 client impact
A firm with operations across eight locations in six states was blindsided by a ransomware attack early on a Saturday morning due to a Microsoft Exchange vulnerability. With 350 users impacted and operations at a standstill, the pressure was on. Doug Bates, President at CMIT Solutions Atlanta , quickly deployed Datto BCDR to take control of the situation. In less than 36 hours, Datto helped them restore 44 servers and all affected sites. By Monday morning, the business was fully operational with zero impact on their clients.
“Datto BCDR works like a charm for us. It’s phenomenal,” — Doug Bates
Protect clients. Preserve revenue. Partner with Datto!
Today, businesses expect more than backups — they expect business continuity. For MSPs, ensuring clients can recover quickly from cyber threats like ransomware is critical to protecting revenue, reputation and long-term trust.
From instant virtualization to secure cloud failover, Datto BCDR simplifies ransomware recovery and gives MSPs the tools to restore operations before downtime takes its toll. Don’t let ransomware hold your clients hostage. Become a Datto Partner and guarantee fast, reliable recovery today.
About the author: Adam Marget serves as Product Marketing Manager at Unitrends, a Kaseya company, a leader in data center backup and disaster recovery solutions. An experienced technical marketing professional, Adam has been a member of the Unitrends team since 2016, during which time he’s held several roles at the company. Driven by a love and curiosity for technology, he’s been delighted to have been afforded the opportunity help both end users and channel partners solve challenges around disaster recovery and business continuity. Prior to joining Unitrends, Adam worked with national IT solutions provider CDW where he leveraged a variety of partner solutions to help his customers achieve their goals across backup, networking, security, power & cooling, endpoint and data center technologies.
Edited by
Erik Linask
