Google Drive now blocks ransomware with AI
▼ Summary
– Google has launched an AI-powered ransomware detection and recovery feature for Google Drive desktop, automatically detecting suspicious activity and pausing file syncing to prevent data corruption.
– The new capability enables users to restore affected files with a few clicks and is available at no extra cost to most Google Workspace commercial customers and consumers.
– Google’s AI model is trained on millions of ransomware samples to identify malicious file modifications and adapts to new threats using VirusTotal intelligence.
– The feature provides alerts to users and administrators, allowing rapid file restoration to minimize disruption and data loss without complex recovery tools.
– This innovation adds a new defense layer against ransomware, which remains a major global threat with average attack costs exceeding $5 million.
Google has rolled out a new artificial intelligence feature for Google Drive on desktop that actively identifies and helps users recover from ransomware attacks. This enhancement provides an additional layer of security for both businesses and individual users, aiming to curb one of the most destructive forms of cybercrime currently affecting organizations globally.
Now accessible through an open beta, the tool automatically scans for activity that matches ransomware behavior. Upon detecting a threat, it immediately halts file synchronization to the cloud. Users can then restore any compromised files with just a few simple clicks. The capability is offered at no extra charge to most Google Workspace commercial subscribers, as well as personal Google account holders.
Ransomware remains a severe and costly digital threat. Recent industry reports indicate that ransomware was involved in more than one-fifth of all security incidents investigated last year, with the average financial impact from such attacks surpassing five million dollars.
Luke Camery, Lead Group Product Manager for Google Workspace, explained that conventional ransomware protection has largely depended on antivirus programs that locate and isolate harmful code before it runs. He described this as a critical defense mechanism, but noted its limitations given the ongoing success of ransomware campaigns.
Google’s solution introduces a novel protective measure. While antivirus tools work to block ransomware from entering a system, this new AI-driven feature operates under the assumption that some threats will get through. It then works to neutralize their impact.
The specialized AI in Drive for desktop recognizes the fundamental patterns of a ransomware attack and intervenes swiftly. It creates a protective barrier around user files by stopping cloud synchronization before the malicious software can propagate. This action prevents ransomware from achieving its primary goal: encrypting or corrupting important data to render it unusable.
Built-in virus scanning within Drive, Gmail, and Chrome also plays a role by helping to block ransomware from moving to other devices, which could otherwise lead to a full network takeover.
Although native Google file types like Docs and Sheets are inherently immune to ransomware, and ChromeOS has never experienced a ransomware incident, the risk remains significant for other formats—such as PDF and Microsoft Office files—and for operating systems like Windows.
Industry analyst Bob O’Donnell, president of TECHnalysis Research, remarked that by embedding AI-powered ransomware detection and recovery directly into Drive, Google offers organizations a smart method to counter a widespread and hazardous threat. He emphasized that the benefits extend beyond Google Workspace to individuals and companies using alternative office software.
Kristina Behr, Vice President of Product Management for Google Workspace, shared that the company developed a custom AI model trained on millions of actual ransomware samples. This model searches for indicators that a file has been altered maliciously. The detection system evolves by constantly assessing file modifications and integrating the latest threat data from sources like VirusTotal.
When Drive identifies unusual behavior indicative of ransomware, it automatically suspends syncing for the impacted files. This helps contain the damage, preventing extensive data loss across an organization’s Drive and avoiding major workflow interruptions.
Affected users get a notification on their desktop and through email, with clear instructions for file restoration. Unlike older methods that often involve complicated system re-imaging or expensive external tools, Drive’s web interface lets users revert multiple files to a safe, earlier version quickly and easily. This streamlined recovery process reduces both downtime and data loss, even on platforms like Windows running traditional Office applications.
For IT administrators, the system provides necessary oversight. Alerts appear in the Admin console whenever ransomware activity is detected. Administrators can also use the security center to examine detailed audit logs for further investigation.
Google positions this rollout as part of its ongoing effort to bolster enterprise-level security for Workspace clients, supporting business continuity as ransomware threats continue to grow in scale and sophistication.
(Source: ITWire Australia)
