Ransomware attacks are a major threat to organizations worldwide, as they can disrupt operations, compromise sensitive data, and cause financial and reputational losses. Sectors like healthcare, education, retail, manufacturing, and government remain frequent targets. According to Mandiant, ransomware and extortion incidents accounted for 21% of all intrusions last year, with the average cost exceeding $5 million per attack.
To address this persistent threat, Google is introducing a new feature in Drive for desktop that uses AI to detect ransomware activity.
According to Google, the AI model is trained on millions of real-world ransomware samples to detect signs of malicious file modification. The detection engine also adapts to new ransomware by continuously analyzing file changes and integrating new threat intelligence from VirusTotal.
When suspicious file activity is detected, such as attempts to encrypt multiple files at once, the system automatically pauses syncing to prevent the damage from spreading. Users are alerted both on the desktop and via email, then guided through a simple web interface to restore affected files to a safe, previous state.
Google Drive Alert
Source: Google
The feature only works on Google Drive and does not extend to the computers themselves. If a ransomware attack affects the whole system, the feature does not cover it.
For IT administrators, the system provides visibility and control through the Admin console. Alerts appear in the console, and detailed audit logs are available in the security centre. Protections are enabled by default for most Workspace customers, though admins can adjust the settings if needed.
This new capability is currently rolling out in open beta and is included at no extra cost for most commercial Workspace plans, with users also benefiting from file restoration features.
About the author:
