Google Drive rolls out AI ransomware detection to all users, detecting 14x more infections

Google Drive's AI Ransomware Detection Is Now Available for All Workspace Users

(Credit: Thomas Fuller/SOPA Images/LightRocket via Getty Images) UPDATE: After testing Drive's AI-powered ransomware detection with a limited group of users last year, Google is rolling it out to all Workspace users this week. The feature is enabled by default and pauses file syncing when the system detects potential ransomware activity. It also provides users with the option to restore unaffected file versions by going to Settings > Restore file versions. Users and admins get notified of potential infections. Since its debut last year, the feature has improved to detect 14x more infections, Google says. While Drive's ransomware detection could prove useful, it comes with one major caveat: it only works with the desktop app on Windows and macOS. Another limitation is that only admins can control the feature. To disable it, admins must go to Admin console > Apps > Google Workspace > Settings for Drive and Docs > Malware and Ransomware. The option to enable or disable Drive file restoration is also on the same page. Original Story 9/30/25: Google is adding new AI-powered ransomware detection for Google Drive on desktop. The new protection is trained on millions of real-world ransomware samples and is capable of identifying maliciously modified files in Drive. Once the app detects "unusual activity that suggests a ransomware attack, it automatically pauses syncing of affected files, helping to prevent widespread data corruption across an organization's Drive," Google says in a blog post. Additionally, users will receive alerts for malware detection and instructions to recover healthier versions of their files via app notifications and email. "This rapid recovery capability helps to minimize user interruption and data loss, even when using traditional software such as Microsoft Windows and Office," Google says. To keep up with the growing threat, Drive's "detection engine adapts to novel ransomware by continuously analyzing file changes and incorporating new threat intelligence from VirusTotal," Google adds in its blog post. The feature is enabled by default on Drive for Windows and macOS, but admins can disable it and initiate file restoration. They also receive alerts on their console and can review the audit log from the security center. Google Drive's AI-powered ransomware detection begins rolling out today in open beta for "most Workspace commercial plans at no additional cost."

Google Drive ransomware detection now on by default for paying users

Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. Announced in September 2025, a beta version of this feature began rolling out to Google Workspace customers worldwide in early October. Google Drive will immediately pause file syncing when it detects a ransomware attack, notifying users and IT admins of the breach and drastically minimizing the impact of such incidents. While this will not prevent the files on the compromised computer from being encrypted, documents stored in Google Drive will be protected and can be quickly restored once the malware infection is resolved. After an attack is blocked, users are also provided with detailed instructions for restoring corrupted files using the Drive restoration tool to undo ransomware changes. "When ransomware detection is on, files are scanned for ransomware when they are synced from a desktop computer to Drive," Google explains. "If ransomware-encrypted files are found, desktop sync is paused. The affected user gets an email alert and is notified in Drive, and an alert is created in the Google Admin console." "Compared to when the feature was in beta, we are now able to detect even more types of ransomware encryption and are able to do it faster. Our latest AI model is detecting 14x more infections, leading to even more comprehensive protection," it added. Google says the feature is now on by default for all users in organizations with business, enterprise, education, and frontline licenses, while the file restoration feature is available to all Google Workspace customers, Workspace individual subscribers, and users with personal Google accounts. Although enabled by default for all users, admins can turn it off for their organizations in the Admin console under Apps > Google Workspace > Settings for Drive and Docs > Malware and Ransomware. While admins will have to install the latest version of Google Drive for desktop (v.114 or later) on all endpoints to enable detection alerts, file syncing will still be paused on older versions. Microsoft also provides OneDrive ransomware detection and recovery for Microsoft 365 subscribers who store and sync their files in the cloud. Dropbox, another widely used cloud storage service, offers a similar feature to customers on Business Plus, Advanced, or Enterprise plans, as well as for Standard or Business plans with the Security add-on.

Google Drive just got a powerful new security upgrade, and it's available to all users

Timi is a news and deals writer who's been reporting on technology for over a decade. He loves breaking down complex subjects into easy-to-read pieces that keep you informed. But his recent passion comes from finding the best discounts on the internet on some of the best tech products out right now. If you're someone who's highly invested in Google products and services, there's a pretty good chance you're using Google Drive. Being able to store you data in the cloud can be a lifesaver, even if you're just using the 15GB that comes included for free with every Google account. Of course, Google has added features here and there to Drive in order to make the experience better on PC, Android, and other platforms. Back in late 2025, Google rolled out its ransomware scanning tool in beta, which is a pretty powerful tool if you're someone who shares their files with multiple devices. It's about time While it was limited before, Google shared through its Workspace blog that its ransomware detection and file restoration are now rolling out to all users, bringing a new level of protection to Google Drive (via Android Authority). While the beta delivered, Google now shares that the public rollout is even better, with its latest AI detection feature recognizing 14 times more infections. So what exactly happens when this protection goes to work? Well, as soon as there is ransomware detected, Google Drive will automatically pause syncing in order to prevent the bad file from spreading to other devices. Users will be notified about the file, and emails will be sent out to connected users if needed. The warning is quite bold, so we don't think you'll miss it if you encounter this. As you can imagine, this can be a lifesaver if you have Drive setup with an organization. In addition to the above, Drive will now be able to restore files to a previous version in order to eliminate the chance of infection. This will be helpful if you're looking to retrieve your data and start fresh after a ransomware attack. Subscribe to the newsletter for Google Drive security updates Get clear, actionable coverage of Google Drive security and related product protections - subscribe to the newsletter for practical explanations, setup guidance, and follow-up analysis that helps you understand new Drive features. Get Updates By subscribing, you agree to receive newsletter and marketing emails, and accept our Terms of Use and Privacy Policy. You can unsubscribe anytime. Google states that these protections will be on by default going forward. Just make sure that you're using Google Drive version 114 or later. Naturally, if you don't want these features, you can turn them off in the Settings menu. When it comes to the settings, you will have the option to set the detection level in order to have it work with your workflow. So, if you're a Google Drive user, give this one a try.