Meetup — Ransomware's Secret Tunnel – How Ransomware Groups Hijack ESXi and NAS
Details
⚠️⚠️ RSVP on BOTH Google Form & Meetup.
Google Form — https://forms.gle/2d8YxzuP1ztk4Vc58 ⚠️⚠️
—
AGENDA
- 6.30pm: Registration & Networking (30mins)
- 7.00pm: Introduction & Announcement (20mins)
- 7.20pm: "Ransomware's Secret Tunnel – How Ransomware Groups Hijack ESXi and NAS" by Aaron Hau and Renjie
- Till Late: Networking
SPONSORS
- VENUE SPONSOR: CyberSG TIG Collaboration Centre
- F&B SPONSOR: Sygnia
- DIV0 SUSTAINING OFFICIAL SPONSOR: Red Alpha Cybersecurity
ABSTRACT
In the last few years, ESXi hypervisors and Network Attached Storage (NAS) devices have been prime targets for ransomware groups for data exfiltration and encryption due to the data stored on them and their crucial role in business operations. Lately, Sygnia observed ransomware groups adopting novel methods that leverage ESXi hypervisors and NAS devices as network pivots to tunnel traffic and further infiltrate corporate environments, evading detection and maintaining persistence within compromised environments by bypassing conventional security measures. These assets are frequently overlooked in terms of security monitoring compared to other IT systems protected by EDR or antivirus solutions, allowing the threat actor to achieve a strong network foothold with minimal risk of detection. In the talk, we will deep dive into the first-seen-in-the-wild techniques used by the ransomware groups, which leverage these unmonitored assets as network pivots for covert operations. The talk includes a demonstration of traffic tunnelling on ESXi infrastructure and provides insights into enhancing visibility to detect and hunt for such threats.
BIO
Zhongyuan Hau (Aaron) — Incident Response Expert, Sygnia
Aaron is a security researcher with more than four years of experience in various aspects of cybersecurity, including Incident Response, Red Teaming and Security Research. He is currently an Incident Response Expert with Sygnia, where he is part of the team that investigates security incidents ranging from advanced persistent threats (APTs) and ransomware attacks to data breaches.
Ren Jie Yow — Incident Response Expert, Sygnia
Ren Jie is an Incident Response Expert from Singapore, with over four years of experience in managing and mitigating information security incidents. He has successfully navigated a wide range of challenges, including ransomware attacks, data breaches, advanced persistent threats (APTs), and financial fraud.
IMPORTANT NOTICES
Code of Conduct: https://www.div0.sg/code-of-conduct
Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice



