Skip to main content
close search
site logo
Sponsored

From myths to margins: How MSPs can beat ransomware

Published Jan. 5, 2026
Digital art of cyber threat
Permission granted by Datto

Ransomware is the single biggest threat businesses face today. What was once opportunistic cybercrime has evolved into a multibillion-dollar industry with a professionalized ecosystem. From malware developers and access brokers to darknet forums and cryptocurrency laundering, ransomware has become an industrialized operation. Even those with minimal technical skill can now launch devastating attacks, thanks to a thriving underground marketplace offering Ransomware-as-a-Service (RaaS).

As the threat landscape expands, so does the attack surface. SMBs have become prime targets and are perceived as low-hanging fruit. Notably, it’s often outdated backup strategies that leave SMBs vulnerable. For instance, many ransomware strains lie dormant for months, bypassing retention. If a “time bomb” payload activates after 120 days and your backup retention only spans three months, you’re left without a clean restore point — and options.

In this article, we’ll dispel some of the most persistent backup myths that leave clients exposed and explore actionable strategies for building stronger, ransomware-resilient defenses.

Myth-busting: Why many backup strategies fail

The belief that backups alone offer foolproof protection against ransomware is dangerously misleading. Many MSPs discover this only after it’s too late.

Myth 1: ‘It can’t happen in the cloud.’

This myth likely stems from early ransomware variants that could only impact the infected system, not connected environments. However, today’s ransomware is far more sophisticated, targeting Software-as-a-Service (SaaS) applications like Microsoft 365 and Google Workspace, or cloud-hosted data in Azure. If a remote user’s device is infected, that same ransomware can reach and encrypt files stored in the cloud.

Myth 2: ‘Just restore from the backup.’

Restoring isn’t always viable. Attackers deploy time bombs, target backup repositories directly, encrypt files in phases and create long delays — all of which cripple clean recovery.

Add to that the cost of downtime: A business generating $10 million annually can lose over $55,000 in just one day of downtime — and that doesn’t include recovery costs or reputational damage.

Fig 1: The total cost of downtime

Myth 3: ‘Paying guarantees recovery.’

Paying the ransom might seem like a quick fix, but it’s a high-stakes gamble. According to a Ponemon Institute report, only 13% of companies that paid the ransom after an attack recovered all their data. Many receive only partial or corrupted files, if anything at all. Worse, paying once puts a target on your back. Threat actors often return with additional demands or reinfect your systems through backdoors left behind.

Even if data is returned, payment doesn’t resolve the root cause. You’ll still face downtime, cleanup and the cost of rebuilding trust. It can complicate cyber insurance claims and legal compliance. Recovery should never rely on a criminal’s word. It requires a proactive defense with immutable backups, endpoint protection and a solid incident response plan.

Datto: Built for MSPs, ransomware-resilient

What if ransomware hits one of your clients? Your team gets pulled off billable work, SLAs for other clients start slipping, and even if you warned the client months ago, you’re still the one taking the blame.

For lean MSPs that manage dozens of clients, one incident can disrupt your entire operation — hurting margins, trust and credibility. That’s why MSPs need a platform built for ransomware resilience, not one retrofitted after the fact.

And that’s exactly what Datto delivers with:

  • Hardened Linux-based appliances: Datto’s Linux-based infrastructure drastically reduces attack vectors compared to traditional Windows-based software.
  • Immutable cloud storage: In Datto BCDR Cloud, backups are stored in the write-once-read-many (WORM) format, making them unalterable by ransomware.
  • Built-in ransomware detection: Machine-learning-driven anomaly detection flags suspicious changes in backup data early and automatically.
  • Automated backup verification: Automated screenshot and application services verification ensure backups are recoverable.
  • Seamless integration with the IT stack: From Datto RMM and Autotask PSA to IT Glue and Datto EDR, leverage a complete IT ecosystem that enables faster, coordinated responses.

Datto integrates seamlessly with your broader security stack, complementing endpoint detection and response (EDR), two-factor authentication (2FA) and user awareness training to build a layered defense that strengthens overall resilience.

The strategic shift: From backup providers to continuity partners

As SMBs increasingly prioritize business resilience, MSPs must step beyond backup services and become trusted continuity partners.

To shift the conversation, you can adopt these proven strategies:

  • Align backup discussions with cyber insurance and compliance needs. Ask clients if they use immutable backups or maintain documented response plans. Insurance also often requires proof of regular backup testing. (Datto checks off all these.)
  • Offer ransomware readiness assessments
  • Set clear recovery time objective (RTO)/recovery point objective (RPO) expectations with mitigation plans tailored to business impact.

You can also use these consultative conversation starters to drive engagement:

  • “If your backups were encrypted today, could you recover without paying?”
  • “When was the last time your backups were fully tested?”
  • “Does your cyber insurance require specific backup capabilities?”

Translating technical insights into business value positions your MSP at the center of your clients’ continuity strategy.

The path forward

As ransomware continues to evolve, the winners will be the ones who plan. MSPs who challenge outdated beliefs, educate their clients and adopt purpose-built solutions like Datto will always stay a step ahead.

Want real-world success stories and field-tested tips from top MSPs leading the charge on business continuity? Visit the Datto MSP Content Hub.

Ready to partner with Datto and deliver unstoppable business continuity? Become a Datto Partner.

Filed Under: Security

Editors' pick

Read next
Latest in Security
Industry Dive is an Informa TechTarget business.
© 2026 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.