Google has launched an AI-powered ransomware detection and recovery capability for Google Drive for desktop, aiming to give businesses and individuals a new line of defence against one of the most disruptive forms of cybercrime.
New AI-Powered Features
Available in open beta from today, this innovative feature automatically detects suspicious activity indicative of ransomware attacks. It pauses file syncing to the cloud and allows users to restore affected files with just a few clicks. This capability comes at no additional cost to most Google Workspace commercial customers, as well as individual users.
Ransomware remains a significant threat in the cybersecurity landscape, with Mandiant reporting that ransomware-related intrusions constituted 21% of all incidents it investigated last year. The financial impact is staggering, with the average cost of a ransomware or extortion attack surpassing US million.
A New Layer of Defence
Luke Camery, the Lead Group Product Manager for Google Workspace, emphasized that traditional ransomware prevention methods have heavily relied on antivirus tools that detect and quarantine malicious code prior to execution. “This is an important and necessary defence,” he noted, “but with the continued success of ransomware attacks, it is clear this approach is insufficient.”
Camery elaborated on the new capabilities, stating, “We have introduced an entirely new layer of defence. While antivirus solutions continue their work to stop ransomware from getting in, we’ve built protections to stop it from being effective once it is, inevitably, through the door.”
The AI-powered detection in Drive for desktop identifies the core signature of a ransomware attack and intervenes swiftly, creating a protective bubble around a user’s files. By halting file syncing to the cloud before the ransomware can proliferate, it effectively prevents the corruption of critical files.
Comprehensive Protection
In addition to this new feature, Google’s built-in virus detection in Drive, Gmail, and Chrome works to prevent ransomware from spreading to other devices, thereby safeguarding entire networks. While native Workspace documents like Google Docs and Sheets are immune to ransomware, threats persist for other file formats such as PDFs and Microsoft Office documents, particularly on desktop operating systems like Microsoft Windows.
Bob O’Donnell, president and chief analyst at TECHnalysis Research, remarked, “By seamlessly integrating AI-powered ransomware detection and restore capabilities into Drive, Google is helping organisations with an innovative way to avoid an increasingly common and dangerous threat. This is beneficial not only for Google Workspace users but also for individuals and companies utilizing other office productivity suites.”
Intelligent Recovery Process
Kristina Behr, Google Workspace’s VP of Product Management, shared insights into the technology behind the feature. “We’ve built a specialised AI model, trained on millions of real-world ransomware samples, to look for signals that a file has been maliciously modified. The detection engine adapts to novel ransomware by continuously analysing file changes and incorporating new threat intelligence from VirusTotal.”
When Drive detects unusual activity suggestive of a ransomware attack, it automatically pauses syncing of affected files, preventing widespread data corruption. Users receive alerts on their desktops and via email, guiding them through the process of restoring their files. Unlike traditional solutions that may involve complex re-imaging or costly third-party tools, Drive offers an intuitive web interface that allows users to restore multiple files to a previous, healthy state with minimal effort.
For IT teams, administrators retain the necessary visibility and control by receiving alerts in the Admin console for detected ransomware activity. They can utilize the security centre to review the audit log, which provides detailed information on incidents.
Google’s latest rollout represents a significant advancement in enterprise-grade security controls for Workspace customers, reinforcing business continuity amid the rising tide of ransomware threats.
