Google Drive adds AI ransomware protection
▼ Summary
– Google Drive now automatically pauses file syncing when it detects ransomware to protect cloud-stored documents from widespread corruption.
– The feature uses an AI model trained on millions of ransomware samples to identify malicious file alterations and adapts to new threats using VirusTotal data.
– Users receive desktop and email alerts to restore files easily through Drive’s web interface, avoiding complex recovery processes.
– Ransomware detection is enabled by default for Google Workspace users on Windows and macOS, but IT admins can disable it or file restoration if needed.
– The feature is available to specific Google Workspace plans, while file restoration is accessible to all Google account holders, and customer data isn’t used for AI training or ads without permission.
Google Drive has introduced a sophisticated new security enhancement, leveraging artificial intelligence to automatically halt file synchronization whenever ransomware activity is detected. This proactive measure aims to protect users’ cloud-stored documents from widespread encryption, even if local files on an infected computer become compromised. By stopping the sync process in its tracks, the feature prevents ransomware from propagating to the cloud version of your files, ensuring a clean, restorable copy remains accessible.
Although the system cannot block ransomware from locking files on the local machine, it effectively safeguards the versions stored in Google Drive. Users can then recover their data on another device or on the same computer once the malware has been removed. Google explained that the underlying technology relies on a specialized AI model educated on millions of actual ransomware samples. This enables it to quickly recognize the hallmarks of malicious file alterations and take immediate defensive action.
The anti-ransomware engine is designed to evolve, integrating fresh threat data from VirusTotal and continuously monitoring file modification patterns. This allows it to adapt to newly emerging ransomware variants. When unusual activity consistent with an attack is identified, Drive automatically suspends synchronization for the impacted files. This containment strategy helps avert extensive data loss across an organization’s Drive storage and minimizes workflow interruptions.
Affected individuals will see a desktop alert and receive an email notification with instructions for file recovery. Google emphasizes that, unlike conventional approaches that may involve system re-imaging or expensive third-party software, its web-based interface lets users restore numerous files to a previous uninfected version with just a few simple clicks.
This ransomware protection is enabled by default for Google Drive users on both Windows and macOS. However, IT administrators have the option to disable either ransomware detection or file restoration via the Admin console, under Apps > Google Workspace > Settings for Drive and Docs. It’s important to note that while older Drive versions will still pause syncing during an attack, users must have version 114 or newer installed to receive ransomware detection alerts.
The detection capability is available to Google Workspace subscribers with Business Standard, Business Plus, Enterprise Starter, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Frontline Standard or Plus plans. File restoration, on the other hand, is offered to all Google Workspace customers, including individual subscribers and those with personal Google accounts.
Google has also clarified that it does not use customer data, such as user prompts or AI-generated content, to train its generative AI models or for advertising, unless explicit permission is provided.
Other cloud storage providers offer comparable protections. Microsoft 365 subscribers using OneDrive benefit from ransomware detection and recovery tools, while Dropbox provides a similar feature for teams on Standard, Business, Advanced, or Enterprise subscription tiers.
(Source: Bleeping Computer)
