If a ransomware attack occurs and causes your production site to fail, you can recover cleansed VMs to a production network environment on the recovery SDDC


To run production VMs on the recovery SDDC, you need to create VMware Cloud Gateways on the SDDC so you have different network environments to use for ransomware recovery and for running production workloads.

When you recover the VM to the recovery SDDC, the VM will use the gateway and network segment configured on the recovery plan's Virtual network mappings Failover mapping tab. The VM is powered on after it is recovered.


  1. From the VMs list of a running recovery plan, select one or more staged VMs.
  2. Click the Recover VMs button.
  3. In the Recovery VMs dialog box, under Recovery location select Recovery SDDC with failover mappings.
  4. Click the Recover VMs button.
    Recover VMs on the recovery SDDC.
  5. After the VM is recovered to the recovery SDDC, the VM's state changes to Recovered (in recovery SDDC):
    VMs list for a ransomware recovery plan showing VM status as recovered in recovery SDDC.

What to do next

When you have finished recovering VMs, you can end the ransomware recovery plan.

If you recovered a VM to the recovery SDDC because the original protected sit was down, you can fail back the VM to the original or other restored protected site from the recovery SDDC.

Make sure that when you end the ransomware recovery plan, you select 'Create a failback plan' option. Then, you can fail back VMs from the recovery SDDC to the original protected site.