Google has introduced a new AI-powered ransomware detection feature for Google Drive for desktop, designed to block cyberattacks and protect user files automatically.
This enhancement adds a significant layer of security for users of Windows and macOS, addressing the persistent and costly threat of ransomware.
Ransomware continues to be a major cybersecurity challenge for organizations across all sectors, including healthcare, retail, and government.
Such attacks can lead to severe financial losses, data breaches, and operational disruptions. Last year, ransomware-related incidents accounted for 21% of all intrusions observed by Mandiant, with the average cost of an incident surpassing $5M.
While Google’s native Workspace files, like Docs and Sheets, are immune to ransomware, and ChromeOS has never had a reported ransomware attack, other common file types, such as PDFs and Microsoft Office documents, remain vulnerable on desktop operating systems.
A New Layer of Defense
Traditional antivirus (AV) software, which focuses on identifying and quarantining malicious code before it executes, has proven insufficient against the evolving tactics of ransomware attackers.
Google’s new approach adds a crucial layer of defense. Instead of just trying to block malware at the entry point, the new feature in Drive for desktop focuses on detecting the core behavior of a ransomware attack, the mass encryption or corruption of files.
When the AI model detects this signature activity, it rapidly intervenes by pausing file syncing to the cloud. This action effectively contains the attack, preventing the ransomware from corrupting files stored in the Drive and spreading across the network.
Google Drive for desktop now uses a specialized AI model trained on millions of real-world ransomware samples to identify malicious file modifications.
The detection engine continuously learns and adapts by analyzing file changes and incorporating new threat intelligence from VirusTotal.
Upon detecting suspicious activity indicative of a ransomware attack, Drive for desktop automatically takes several actions:
- Pauses Syncing: It immediately stops the syncing of affected files to the cloud to prevent the spread of encryption.
- Alerts the User: The user receives a notification on their desktop and via email, informing them of the detected threat and guiding them through the recovery process.
- Facilitates Restoration: Users can easily restore their files to a previous, uncorrupted state using an intuitive web interface in Drive. This multi-file restoration can be done with just a few clicks, minimizing data loss and downtime without needing complex IT intervention or third-party tools.
Control and Visibility for IT Teams
The new feature also provides IT administrators with the necessary tools for management and oversight. When a ransomware event is detected on a user’s device, an alert is generated in the Admin console. Administrators can then use the security center to review detailed audit logs of the event.
This capability is enabled by default for all eligible customers. However, administrators have the flexibility to disable the detection and restoration features for end-users if required by their organization’s policies.
Bob O’Donnell, President and Chief Analyst at TECHnalysis Research, commented, “By seamlessly integrating AI-powered ransomware detection and restore capabilities into Drive, Google is helping organizations with an innovative way to avoid an increasingly common and increasingly dangerous threat while also giving end users the ability to continue working.”
This new ransomware detection and file restoration feature is currently rolling out in an open beta. It is included at no extra cost in most Google Workspace commercial plans, and the file restoration capability is also available to consumer users for free.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
