AI Will Detect Ransomware in Google Drive
Google has unveiled a new AI-powered security feature for Drive for desktop. Trained on millions of real ransomware samples, the system can detect suspicious activity and suspend synchronization to help contain the damage from a crypto-ransomware attack.
How It Works
Drive for desktop is an application that syncs local files on Windows and macOS with Google’s cloud storage. The new AI analyzes file behavior for signs of ransomware—such as large-scale encryption or mass file corruption—and can automatically pause synchronization to prevent infected files from spreading to the cloud.
If ransomware activity is detected, users receive an email and pop-up alert. Google says recovery is streamlined, allowing files to be restored “in just a few clicks.”
Beyond the Cloud
Importantly, the recovery capability is not limited to cloud-native apps. Google notes that the tool also works with traditional desktop software, such as Microsoft Windows and Office. The AI model continuously monitors file changes and incorporates threat intelligence from VirusTotal, which should improve detection of emerging ransomware strains.
Availability and Controls
The feature is enabled by default, though administrators retain the option to disable it for end users. They can also receive alerts whenever malicious activity is detected.
According to Google, the protection is already available in open beta at no additional cost for most Workspace commercial plans, and file recovery remains free of charge.
Damage Control, Not Prevention
While the feature adds a valuable safety net, Google stresses that it is not designed to prevent ransomware infections outright. Instead, the focus is on containing attacks and minimizing financial and operational fallout.
“On average, ransomware costs victim organizations more than $5 million,” the company notes. “Our primary goal is to reduce the damage from attacks and prevent their spread across the network with an added layer of protection.”
In Google’s words, the AI aims to stop ransomware “before it can do the main thing: damage important files and render them unusable.”
