Google has launched a new AI-based ransomware defence layer within its Drive for desktop application, enabling real-time detection of malicious file behaviour and enhanced recovery options, marking a significant step in enterprise data protection.
Google is introducing a significant new layer of ransomware defence within its Drive for desktop application, deploying an AI-powered system designed to detect abnormal file activity indicative of ransomware attacks. The company characterises this update as an “alarm system that traps attackers in your entranceway,” according to Luke Camery, lead group product manager at Google Workspace, speaking during a press briefing. This innovation aims to operate between traditional antivirus scans and recovery or backup solutions, enhancing protection by flagging suspicious behaviour in real time.
The new ransomware detection feature integrates Google’s VirusTotal technology with AI trained on millions of malware examples. Unlike conventional methods that focus on specific ransomware signatures, Google’s AI assesses behavioural changes in files—for example, recognising when a readable PDF becomes obfuscated or identifying potentially malicious file types. This behavioural focus allows it to detect irregular operations across a wide range of common workplace file types, including CAD and text files. However, the AI does not analyse encrypted or binary files already infected and does not detect the initial infiltration of malware, concentrating instead on the abnormal modifications that typically signal ransomware activity.
Once suspicious activity is detected, Drive pauses file syncing to prevent the spread of ransomware damage and alerts the user. A dedicated dashboard allows the user to examine different versions of files and manually restore an unaffected version. Google retains file version histories for up to 25 days, ensuring users have a substantial window to recover clean copies. Kristina Beht, VP of Product Management at Google Workspace, emphasised that this is not a mere incremental improvement but a critical new defence layer provided at no additional cost to eligible customers.
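The sketch below is an added illustration of the detect-then-pause idea described above. It is not Google's implementation or code from any Google product. The heuristics (a lost file signature, a jump in byte entropy), both thresholds, all function names and the sample data are assumptions made for the example.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known leading signatures for a few document types.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".docx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # assumed threshold in bits per byte; random data approaches 8
PAUSE_AFTER = 2      # assumed number of flagged files in a batch before sync pauses


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_suspicious(name: str, before: bytes, after: bytes) -> bool:
    """Flag a change that turns a recognisable document into opaque bytes."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    lost_header = bool(magic) and before.startswith(magic) and not after.startswith(magic)
    # Only a rise across the limit counts, so already-compressed files stay quiet.
    jumped = shannon_entropy(before) < ENTROPY_LIMIT <= shannon_entropy(after)
    return lost_header or jumped


def should_pause_sync(changes):
    """changes: iterable of (name, before, after) bytes for one sync batch."""
    flagged = [n for n, before, after in changes if is_suspicious(n, before, after)]
    return len(flagged) >= PAUSE_AFTER, flagged


def constructed_batch():
    """Constructed sample data: two files overwritten with opaque bytes, one normal edit."""
    blob = b"".join(hashlib.sha256(i.to_bytes(2, "big")).digest() for i in range(512))
    pdf = b"%PDF-1.7\n" + b"BT /F1 12 Tf (Quarterly report) Tj ET\n" * 200
    return [
        ("report.pdf", pdf, blob),
        ("notes.txt", b"meeting notes, action items\n" * 300, blob),
        ("plan.pdf", pdf, pdf + b"BT (Revised) Tj ET\n"),
    ]


if __name__ == "__main__":
    print(should_pause_sync(constructed_batch()))
```

Entropy alone misfires on formats that are compressed by design, which is why the check only counts a rise across the limit and pairs it with the signature test.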
The ransomware detection capability launched in open beta on 30 September for Drive on Windows and macOS, available to subscribers of Google Workspace’s Business Standard tier and above. Full general availability is anticipated by the end of 2025. The beta release allows Workspace customers to experience the enhanced protections firsthand while Google continues to refine the system.
This launch builds on previous AI-driven security measures Google has implemented, such as AI-based anti-phishing tools in Gmail. Additionally, official Google support pages detail how users can enable ransomware detection and file restoration, emphasising user-friendly recovery processes. The system’s integration into Google Drive’s ecosystem reflects the growing need to address ransomware, an increasingly prevalent cybersecurity threat globally.
Industry responses underline the importance of this development. Reports from various tech news outlets highlight how the timely pausing of file syncing and the ability to restore prior file versions can significantly mitigate damage, potentially saving businesses from costly ransomware incidents. However, while this AI-driven approach enhances early detection and response, experts caution that users must still maintain comprehensive security practices, as the solution does not prevent the initial malware infiltration.
In sum, Google’s AI ransomware detection in Drive represents a forward-thinking step toward modernising data protection. By combining advanced behavioural analysis with easy-to-use restoration tools, it aims to provide a critical safety net for business files. As ransomware threats continue to evolve, such innovations could become essential components of enterprise cybersecurity strategies.
Source: Noah Wire Services


