Google introduces AI-powered ransomware detection in Drive for desktop. The system automatically pauses file synchronization in case of suspicious activity and offers a simple recovery option. The technology has been trained on millions of real-world ransomware samples.
Upon detection, users receive both a desktop notification and an email. They can then easily restore multiple files to a previous, healthy state via the Drive web interface. This requires just a few mouse clicks, without complex re-imaging or expensive external tools.
For IT administrators, the Admin console offers complete visibility. They receive notifications about detected ransomware activity and can consult the audit log for detailed information.
AI model recognizes mass encryption
The AI system has been trained on millions of real ransomware samples. It recognizes the core signature of ransomware attacks: attempts to encrypt or corrupt files en masse. As soon as Drive detects unusual activity, synchronization with the cloud is automatically paused.
The detection engine adapts to new ransomware by continuously analyzing file changes to identify emerging threats. In addition, the system integrates new threat information from VirusTotal.
New line of defense against ransomware
Ransomware remains one of the most damaging cyber threats. Research by Mandiant shows that ransomware intrusions accounted for 21 percent of all attacks observed last year. The average cost of a ransomware incident exceeds $5 million.
Traditional antivirus solutions are no longer sufficient. Google has therefore opted for a different approach. Instead of stopping malware at the door, the new system protects files after ransomware has already entered.
Enabled by default, but manageable
The functionality is enabled by default for all customers, but administrators retain control. They can disable detection and recovery options for end users if desired.
The system works on Windows and macOS. In addition to ransomware detection, the built-in virus detection in Drive, Gmail, and Chrome helps prevent further spread to other devices.
The open beta of this feature launched today. The feature is included in most commercial Workspace subscriptions at no additional cost. Consumers also benefit from the recovery functionality free of charge.
Tip: Google Drive is faster than ever thanks to new sync technology