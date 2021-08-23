On August 11, 2021, an article published in Advanced-Intel reported findings of a ransomware group named 'Conti', who leverage the well-known IT management solution Atera as a Command and Control platform. It's been documented that adversaries have leveraged the 'Cobalt Strike' command line feature of Atera to access systems and execute other software to maintain continued access during a ransomware operation.

As a precautionary measure, the Datto Information Security Team recommends all MSPs evaluate their devices/endpoints for Atera agent activity and determine its legitimacy if necessary.

For MSPs using Datto RMM, we offer a monitor to check for the presence of this agent. The component (Atera Agent Monitor/Uninstaller [WIN]) is available in the ComStore and can be deployed immediately.

Now is a time to remain vigilant and take an active role in hardening systems against these now known tactics. To best equip MSPs against ransomware, Datto is providing Ransomware Detection for all Datto RMM partners through January 31st, 2022, at no additional cost. Additional information about the offer is available here.

Datto's Information Security Team remains committed to the MSP channel and supports MSPs as they strengthen cyber security, business continuity, and incident response efforts. Cyber resilience is an ongoing journey that requires constant vigilance and improvement.

For additional resources on ransomware prevention, visit:

