Google is rolling out a new security feature for Google Drive desktop that uses artificial intelligence to detect and limit the impact of ransomware attacks.
The system will automatically pause file syncing when it identifies suspicious activity, preventing encrypted files from spreading across an organization’s cloud storage.
The company says the feature relies on a specialized AI model trained on millions of ransomware samples, enhanced with intelligence from VirusTotal and continuous analysis of file behavior. If Drive detects signs of ransomware, syncing halts, and users receive both desktop and email alerts. Files can then be restored to a healthy state through Drive’s web interface, avoiding costly re-imaging or third-party recovery tools.
The capability is enabled by default for all users on Windows and macOS. IT administrators can disable ransomware detection or restoration in the Admin Console if necessary. While the syncing pause will work on older clients, ransomware detection alerts require Google Drive version 114 or later.
The ransomware detection feature is available to Google Workspace Business Standard/Plus, Enterprise Starter/Standard/Plus, Education Standard/Plus, and Frontline Standard/Plus customers. File restoration, meanwhile, is offered to all Workspace users, Workspace Individual subscribers, and personal Google accounts.
Google emphasized that it does not use customer data—including file contents or restoration activity—to train its generative AI models or for advertising purposes without permission.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
With this update, Google joins competitors offering similar protections: Microsoft 365 provides ransomware recovery through OneDrive, while Dropbox offers ransomware detection for team and enterprise plans.
