You can configure a recovery plan for ransomware recovery with integrated vulnerability and security analysis.

In a recovery plan, select the 'Activate ransomware recovery' option to use the plan for ransomware recovery or ransomware recovery tests. Running a plan for a ransomware recovery test is the same as running a ransomware recovery plan, except that a ransomware recovery test has no option to recover VMs to a protected site.

When you activate ransomware recovery in a plan, VMs in the plan are charged for ransomware recovery for VMware Cloud DR. For more information on costs, see https://www.vmware.com/products/cloud-disaster-recovery.html and click the Pricing tab.
Note: For more details on creating and setting up a recovery plan, see Configure Recovery Plans.
When you click either the Ransomware Recovery or Ransomware Test buttons in the recovery plans list, you make VMs in the plan available for ransomware recovery.
Note: If you configure test network mappings for a recovery plan, and the plan is activated for ransomware recovery, the plan will use the test network mapping by default when you run the plan.

Configuring ransomware for a recovery plan requires choosing from the following options: Recovery plan ransomware configuration page.

  • Activate ransomware recovery. Enable ransomware recovery for the plan. When you save the plan, you start being charged for ransomware recovery for all VMs protected by a recovery plan.
  • Use integrated analysis. Enable integrated security and vulnerability analysis for VMs in the plan. When you run the plan and start VMs for recovery, VMware Cloud DR installs a security sensor on VMs, which enables ransomware analysis. For Linux VMs, you must install the security sensor manually, and uninstall any existing security sensors from the VM. For more information, see Manually Install Sensors. Integrated analysis does not trigger any additional charges.
  • Pause when starting a VM to manually remove production security sensors. Pause when starting VMs during ransomware recovery so you can remove any production sensors or security software, which might interfere with VMware Cloud DR integrated analysis and impact the isolated recovery environment of the recovery SDDC. For more information, see Uninstalling Sensors.
  • Do not use integrated analysis. If you want to use your own security tools for ransomware recovery on your recovery SDDC, select this option. When selected, no VMware Cloud DR security sensors are installed when you start VMs during ransomware recovery.