On August 11, 2021, an article was published regarding findings that a ransomware group by the name of ‘Conti’ was leveraging the well-known IT management solution Atera as a Command and Control platform. It has been documented that adversaries have leveraged the ‘Cobalt Strike’ command line feature of Atera to access systems and execute other software to maintain persistent access during a ransomware operation.
As a precaution, we are advising partners with Datto RMM to review their devices/endpoints for Atera agent activity and determine its legitimacy if necessary. Datto RMM has a built-in component to check for the presence of this agent.
The above-referenced article can be found here.
Again, this is a precautionary measure we recommend based on the aforementioned findings.
Datto remains committed to the MSP channel and to supporting you as you focus on strengthening your cyber security, business continuity, and incident response efforts. Cyber resilience is an ongoing journey that requires constant vigilance and improvement.
The Datto Information Security Team
I’m Josh, founder and CEO of DragonTech IT Services, Inc. I have been working with computers for about twenty years now. I went from doing my own repairs as a kid to now running full IT administration for dozens of small businesses. You can find me all over the web. 😛 Just search for DragonTech!