The threat landscape continues to evolve, making ransomware recovery a critical component of organizational resilience. Ransomware attacks are proliferating to become the #1 cause of disaster recovery events. A ransomware attack occurs every 11 seconds1, costing its victims an average of close to $5 million in damages2.
Today, VMware is proud to announce the general availability of VMware Ransomware Recovery for VMware Cloud DRTM. Originally announced on August 30 at VMware Explore US, VMware Ransomware Recovery is a purpose-built ransomware recovery-as-a-service solution that enables businesses to recover from ransomware attacks faster and with more predictability and confidence. The solution delivers safe recovery by preventing reinfection of production workloads through its innovative use of an on-demand isolated recovery environment on VMware Cloud on AWS. Guided recovery workflows allow customers to quickly identify recovery point candidates, validate restore points using embedded behavioral analysis, and recover data with minimal loss.
Prevent reinfection at recovery
To prevent reinfection of production workloads, customers need to verify and recover data in an Isolated Recovery Environment (IRE). Traditional approaches require the user to build, secure, and manage their own Isolated Recovery Environments. With VMware Ransomware Recovery, we deliver an on-demand, VMware-managed Isolated Recovery Environment on VMware Cloud on AWS.
In addition, we have made it easy for customers to set VM isolation policies in the Isolated Recovery Environment. Customers can easily assign custom or pre-configured network isolation policies to VMs for a secure, controlled recovery. This removes the need for customers to manually configure firewall rules and VM isolation policies.
Confidently validate recovery points
As ransomware attacks continue to evolve and become more sophisticated, traditional scanning of offline backups has become ineffective at identifying advanced techniques, such as fileless attack methods. VMware Ransomware Recovery utilizes a more modern and effective approach to validating recovery points by running next-generation antivirus and behavioral analysis on powered-on workloads in an Isolated Recovery Environment. Customers do not need separate tools, as it automatically installs the security sensor, conducts behavioral analysis, and provides insights on security alerts triggered by anomalous activity, all within a single cloud-based workflow.
Streamline and automate recovery
Ransomware can dwell and continue to propagate in a customer’s environment for an extended period of time. This makes recovering from a ransomware attack particularly challenging. It often involves multiple teams, tools, and manual processes. To address these challenges, we have been intentional and purposeful in the way we designed VMware Ransomware Recovery. Customers can invoke a dedicated, end-to-end ransomware recovery workflow directly from the VMware Cloud DR Console. The workflow guides the customer step-by-step through the entire ransomware recovery process. It also allows the IT infrastructure team to work closely with the Security team. We surface insights such as data rate of change and file entropy to help customers identify good recovery point candidates. We then automatically perform behavioral analysis to validate those recovery points. Once assessed, recovery points can be “badged” to help the broader team predictably home in on the best restore point. Customers can then stage the clean restore point for production recovery.
“VMware Ransomware Recovery is breaking ground in the ransomware recovery-as-a-service space, delivering important capabilities including identification, validation and restore of recovery points in an on-demand IRE through a single cloud-based UI.”
Phil Goodwin, Research Vice President, IDC
VMware Ransomware Recovery builds upon the rich set of foundational capabilities that VMware Cloud Disaster Recovery has already been providing for ransomware recovery. These include immutable snapshots that are stored in an operationally air-gapped environment, instant VM power-on for rapid experimentation, file- and folder-level restore, and high-frequency snapshots.
Not only is ransomware here to stay, but it will also become more sophisticated, frequent, and complex over time. With VMware Ransomware Recovery, you can restore your operations faster, reduce data loss, and streamline IT operations.
Take the Next Step
VMware Ransomware Recovery is now available to all customers and partners. Let us help you accelerate ransomware recovery with VMware Ransomware Recovery. To learn more, visit our webpage and contact your sales representative or partner.
