The Gately Report: VMware Zeroes In On Ransomware Recovery

Plus, two Danish hosting firms have been nearly shut down by ransomware attacks.

Edward Gately, Senior News Editor

August 28, 2023

12 Slides

Ransomware recovery as soon as possible is critical after an attack, and VMware is constantly focused on decreasing the time from attack to recovery.

The-Gately-Report-logo.jpgThat’s according to Mark Chuang, VMware’s head of product marketing for cloud storage and data. We spoke with him during last week’s VMware Explore conference.

“We’ve been on the journey for the last two years in terms of helping customers deal with modern ransomware attacks and specifically the type that are using fileless techniques,” Chuang said. “So here at Explore Vegas, we announced additional innovations on top of our existing ransomware-as-a-recovery service in order to continue to shorten the amount of downtime by accelerating the recovery rates.”

VMware Ransomware Recovery aims to recover from fileless attacks using behavioral analysis of powered-on virtual machines (VMs) in cloud-based isolated recovery environments (IREs). The solution has been shown to resolve unplanned downtime up to 75% faster, according to VMware.

Ransomware Recovery Enhancements

At VMware Explore, VMware announced that its Ransomware Recovery now includes concurrent multi-VM recovery operations to further reduce customer downtime. Also, VMware will allow customers to run production workloads in the cloud until forensics are completed and the on-premises data center is fortified. That will be available in the third quarter of fiscal 2024.

Additionally, VMware unveiled a technology preview of cybersecure storage that will integrate recovery workflows with native vSAN snapshots for data transfer optimizations. VMware Ransomware Recovery is also expanding VMware Cloud service support to include protection of workloads in Google Cloud VMware Engine.

Chuang details what should take place once an organization is hit with a ransomware attack.


VMware’s Mark Chuang

“Within an organization, collaboration between the security and infrastructure team is paramount in any sort of response, although once data has been encrypted, the infrastructure team typically takes the lead on restoration of systems and applications, and services,” he said. “So I think step one is getting all the right teams together. Step two is you need to start figuring out when the organization believes is the window in which the attack actually came into the environment. It’s very different from natural disasters where you know exactly when that took place. You actually have to do a lot of forensics to figure out when did this ransomware actually get into our environment because if you restore a recovery point that still has that ransomware dormant but is already there, then you would just be back to square one again.

“So VMware is providing different tools to help the infrastructure team work with the security team to try to identify where that window is that they believe the attack first came in,” he added. “They need to identify that window because you need to find a more pristine state from before the attack actually came in. So that would be some of the very first steps.”

Scroll through our slideshow above for more from Chuang from VMware Explore and more cybersecurity news.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like