RTM – Remote Monitoring & Management (RMM) Tools


Topic: Ransomware Tool Matrix

Focus: Remote Monitoring & Management (RMM) Tools

An RMM (Remote Monitoring and Management) tool is a type of software used by IT professionals and managed service providers (MSPs) to remotely monitor, manage, and maintain IT systems, networks, and devices. These tools are designed to improve the efficiency of IT operations by enabling technicians to handle tasks from a centralized location without the need for physical access to client devices.

By operating through legitimate RMM channels, attackers can evade detection by blending in with regular IT activities and potentially bypass security measures due to the elevated privileges these tools provide.

 

Last Updated: 9/10/2024

| Tool Name | Known Threat Actor Usage |
| --- | --- |
| Action1 | LockBit, MONTI |
| AnyDesk | BlackSuit, Royal, Akira, BlackCat, Karakurt, LockBit, Rhysida, AvosLocker, Conti, Dagon Locker, Nokoyawa, Quantum, Diavol, Trigona, BlackByte, Cactus, Lapsus$, Black Basta, MONTI, DarkSide, RagnarLocker, RansomHub, Everest |
| Atera | BlackSuit, Royal, AvosLocker, BianLian, Conti, Hive, Quantum, RansomHub, Black Basta, Everest |
| ASG Remote Desktop | Scattered Spider |
| GoToAssist | DarkSide, Royal |
| ITarian | Scattered Spider |
| LogMeIn | BlackSuit, Royal, Trigona |
| ManageEngineRMM | Scattered Spider |
| N-Able | Scattered Spider, RansomHub |
| NetSupport | Cuba, EvilCorp, Black Basta |
| PDQ Deploy | AvosLocker |
| PowerAdmin | Vice Society |
| Radmin | Akira |
| RustDesk | Akira, Scattered Spider |
| ScreenConnect | Black Basta, BlackCat, LockBit, Scattered Spider, Hive, Trigona, Medusa, Yanluowang, RansomHub |
| SimpleHelp | BlackCat |
| Sorillus | Scattered Spider |
| Splashtop | Black Basta, LockBit, AvosLocker, BianLian, Scattered Spider, Hive, Quantum, Conti, Trigona, RansomHub, Cactus, Everest |
| Syncro | Royal |
| TacticalRMM | AvosLocker, Scattered Spider |
| TeamViewer | LockBit, BianLian, Scattered Spider, Trigona, Yanluowang |
| TightVNC | Scattered Spider, DarkSide |
| ZohoAssist | LockBit, Scattered Spider |
