The Gately Report: VMware Zeroes In On Ransomware Recovery

Ransomware recovery as soon as possible is critical after an attack, and VMware is constantly focused on decreasing the time from attack to recovery.

That’s according to Mark Chuang, VMware’s head of product marketing for cloud storage and data. We spoke with him during last week’s VMware Explore conference.

“We’ve been on the journey for the last two years in terms of helping customers deal with modern ransomware attacks and specifically the type that are using fileless techniques,” Chuang said. “So here at Explore Vegas, we announced additional innovations on top of our existing ransomware-as-a-recovery service in order to continue to shorten the amount of downtime by accelerating the recovery rates.”

VMware Ransomware Recovery aims to recover from fileless attacks using behavioral analysis of powered-on virtual machines (VMs) in cloud-based isolated recovery environments (IREs). The solution has been shown to resolve unplanned downtime up to 75% faster, according to VMware.

Ransomware Recovery Enhancements

At VMware Explore, VMware announced that its Ransomware Recovery now includes concurrent multi-VM recovery operations to further reduce customer downtime. Also, VMware will allow customers to run production workloads in the cloud until forensics are completed and the on-premises data center is fortified. That will be available in the third quarter of fiscal 2024.

Additionally, VMware unveiled a technology preview of cybersecure storage that will integrate recovery workflows with native vSAN snapshots for data transfer optimizations. VMware Ransomware Recovery is also expanding VMware Cloud service support to include protection of workloads in Google Cloud VMware Engine.

Chuang details what should take place once an organization is hit with a ransomware attack.

VMware’s Mark Chuang

“Within an organization, collaboration between the security and infrastructure team is paramount in any sort of response, although once data has been encrypted, the infrastructure team typically takes the lead on restoration of systems and applications, and services,” he said. “So I think step one is getting all the right teams together. Step two is you need to start figuring out when the organization believes is the window in which the attack actually came into the environment. It’s very different from natural disasters where you know exactly when that took place. You actually have to do a lot of forensics to figure out when did this ransomware actually get into our environment because if you restore a recovery point that still has that ransomware dormant but is already there, then you would just be back to square one again.

“So VMware is providing different tools to help the infrastructure team work with the security team to try to identify where that window is that they believe the attack first came in,” he added. “They need to identify that window because you need to find a more pristine state from before the attack actually came in. So that would be some of the very first steps.”

Scroll through our slideshow above for more from Chuang from VMware Explore and more cybersecurity news.