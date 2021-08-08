Conti Ransomware Gang Playbook mentions Atera RMM software. But the cloud software (widely used by MSPs) has not been compromised, Atera says.

A leaked Conti Ransomware Gang Playbook mentions a specific RMM (remote monitoring and management) software vendor that supports MSPs, but the RMM provider says its cloud-based software has not been compromised and remains secure.

Based on the leaked playbook, ethical hacker Vitali Kremez tweeted a warning for network administrators looking for Conti activity to “scan for unauthorized Atera Agent installations and Any Desk persistence,” ThreatPost reports.

Atera develops a cloud-based platform that spans RMM, PSA (professional services automation) and other software capabilities for MSPs and corporate IT professionals. Atera raised $77 million in Series B funding in July 2021, and serves roughly 7,000 customers across 90 countries.

Separately, AnyDesk Software of Germany provides remote desktop software.

Atera Perspectives on Conti Ransomware Gang Playbook

In a comment to ChannelE2E about the alleged ransomware playbook, Atera VP of Customer Success Sharon Peer said:

The “playbook” released that you are referencing speaks to the fact that bad actors have attempted to use remote solutions to maintain persistence to unsecured networks for illegal or illegitimate purposes. That said, Atera has not been compromised in any way and the platform remains secure. We are aware of the security threats in the industry and we continuously monitor to ensure our platform and our customers are secure. We encourage MSPs to follow proper security measurements, which we are continuously sharing with our community.”

What MSP-Focused Threat Intelligence Says

A third-party security expert in the MSP market reinforced Atera’s perspective. In a comment to ChannelE2E, Wes Spencer, CISO of co-managed threat detection and response provider Perch Security, said: