Google Drive Introduces AI-Powered Ransomware Detection to Combat Cyber Threats

Google's Latest AI Ransomware Defense Only Goes So Far

Ransomware attacks have loomed for years as an urgent digital threat with no easy solution -- especially as they have evolved to include data grab-and-leak attacks that may not even involve data-encrypting malware at all. Traditional ransomware that locks up files and systems is still rampant, though, and Google on Tuesday launched a new defense for its Google Drive for desktop apps that aims to quickly detect ransomware activity and halt cloud syncing before an infection can spread. While antivirus scanners monitor for signs of malware across a system, the new ransomware protections in Drive for desktop are meant to act as an additional line of defense. The detection capability is built on an AI model that Google trained using millions of real victims files that had been encrypted with various strains of ransomware. And the feature is designed to detect and contain suspected ransomware in desktop Drive very quickly. For enterprise Google Workspace customers, the feature is an asset, protecting files of any format that are stored in Drive for desktop and allowing users to easily restore any data that is encrypted or corrupted by malware. But like other ransomware detection and data backup features, the tool is a treatment not a cure. "The innovative part is doing that real time detection and quickly stopping the sync to minimize the damage. That was what our customers were telling us they really wanted," says Jason James, a product manager for Google Workspace. "You've got hundreds, millions, billions of users -- and so to check every file quickly and accurately and wherever the user is around the world were all challenges." Designed to work in tandem with the malware monitoring tools that Google already builds into Drive, Chrome, and Gmail, the protection was built using the expertise of Google's core antivirus software development team, James notes. "For me, the coolest part is that we can take this AI-based way of detecting ransomware behavior and then we can pair it with protecting the user's data so we minimize the damage," James says. "We see it as a missing safety net." The feature has some straightforward limitations, though. It is only relevant at all, of course, if a business or institution uses Drive for desktop in the first place -- a not insignificant caveat when so much of enterprise software is still dominated by Microsoft. Additionally, Drive for desktop is an app for Windows PCs and Macs. If ransomware is tearing through digital files that aren't stored in Drive, Google has no ability to detect the infection. Other cloud storage platforms, including Microsoft's OneDrive and Dropbox, offer features with similarities to the new Drive for desktop ransomware protection. And while detection and response are crucial components as defenders work to deter cybercriminals and empower victims to withhold ransom payments, the benefits and limitations of each individual tool serve as a reminder that there is still no panacea for the threat of ransomware.

Google Drive adds AI to detect ransomware before it spreads

Google Drive for desktop is adding ransomware detection using an AI model trained on "millions of real-world ransomware samples" that will "look for signals that a file has been maliciously modified." When Google's AI believes it has detected ransomware activity on a Windows or macOS system, like trying to encrypt or corrupt files en masse, it will automatically stop syncing Drive files, alert users on their desktop and over email, and allow users to restore their files to an older version. The feature is rolling out in open beta starting today, and in a briefing with reporters, Google's Luke Camery said the company aims to make it generally available by the end of the year. "We've built a specialized AI model, trained on millions of real-world ransomware samples, to look for signals that a file has been maliciously modified," Google says in a blog post. "The detection engine adapts to novel ransomware by continuously analyzing file changes and incorporating new threat intelligence from VirusTotal. When Drive detects unusual activity that suggests a ransomware attack, it automatically pauses syncing of affected files, helping to prevent widespread data corruption across an organization's Drive and the disruption of work." Ransomware attacks are still on the rise, with the Office of the Director of National Intelligence reporting that there were 5,289 ransomware attacks worldwide in 2024, a 15 percent increase from 2023.

Google releases AI-powered ransomware detection features for cloud files

It's available as a beta release today for commercial customers at no extra cost. To an organization, nothing is more disruptive than falling victim to a ransomware attack. A successful attack means that the organization's files are forcibly encrypted and their business grinds to a halt until they pay a ransom or restore a backup. That's bad for profits if you're running a factory that manufactures widgets, but ransomware can kill people if the target is a hospital or healthcare system -- and there were more than 1,000 such attacks against healthcare providers in the U.S. alone between 2010 and 2024. Also: Phishing training doesn't stop your employees from clicking scam links - here's why Recovering from a ransomware attack is possible if an organization has good backups, but that's a time-consuming process. It's also expensive, with the typical cost of a ransomware incident measured in the millions of dollars. It's much more effective to stop the malicious code before it can corrupt the organization's files and render them unusable. That's the goal of a new feature that Google announced today for enterprise customers using its Google Drive cloud storage products with Google Workspace. The new feature adds AI-powered ransomware detection to the Drive for desktop sync utility on Windows and MacOS computers, automatically pausing the sync process when it detects activity that is characteristic of a ransomware attack. It's the latest escalation in a battle with global criminal organizations that are increasingly using AI-based tools to develop and spread their malware. According to Google, its new AI model has been trained on millions of real-world ransomware samples, drawn from its VirusTotal database. The detection engine looks for "signals that a file has been maliciously modified," stopping the sync process and alerting the user. At that point, Google claims, the recovery process "allows users to easily restore multiple files to a previous, healthy state with just a few clicks." The detection also alerts administrators, who can review audit logs with more detailed information. According to the company, this feature is on by default for all customers with commercial Google Workspace plans, at no additional cost. Admins can disable detection and restoration capabilities for end users from the Workspace management console. Other cloud-based providers offer ransomware protection features, typically involving some form of versioning that allows an organization to roll back to an uncorrupted state and prevents ransomware from tampering with those backups. Microsoft OneDrive for Business, for example, has an exhaustive collection of procedures for Azure and Microsoft 365 administrators to follow. Dropbox offers ransomware detection as part of a security add-on that costs extra for Standard and Business plans but is included for free with Advanced and Enterprise plans. The Google features are available in a beta release that is available today as an update to the Drive for desktop utility on Windows and MacOS.

Google Drive gets new ransomware detection feature

Stopping the spread isn't the same as stopping attacks, period Google on Tuesday rolled out a new AI tool in Drive for desktop that it says will pause syncing to limit ransomware damage, but it won't stop attacks outright. The model, which the Chocolate Factory boasts has been "trained on millions of real-world ransomware samples," looks for signs that may indicate ransomware - such as attempts to encrypt or corrupt large numbers of files - and then pauses syncing of affected files, helping prevent wider spread. Drive for desktop is Google's sync app for Windows and macOS that keeps local files in step with cloud storage. This Drive for desktop tool then sends an email alert or a desktop notification to the Drive user, guiding them to restore their files via "just a few clicks," Googlers Luke Camery and Kristina Behr said in a Tuesday blog. The recovery capability works across "traditional software" including Microsoft Windows and Office, the duo added. Plus, the model continuously analyzes file changes, and pulls in threat intelligence from VirusTotal, which, at least in theory, should help it detect even new and novel malware variants and attack behaviors. The new capability is turned on by default, but administrators can disable detection and restoration for end users, if needed. Admins can also receive alerts in the Admin console for any detected ransomware activity. It's available in open beta as of Tuesday, and Google says these ransomware detection, alerting, and file restoration capabilities are included in most Workspace commercial plans at no extra cost. Consumers also receive file restoration at no additional cost. And while this represents an important extra layer of defense against ransomware - which, as Camery and Behr point out, "remains one of the most damaging cyber threats facing organizations today," - this is not a silver bullet nor will it prevent ransomware attacks, which, on average, cost each victim in excess of $5 million. "The focus is limiting the damage of ransomware attacks, stopping them from spreading across networks with this new layer of protection," Google Workspace security and privacy spokesperson Ross Richendrfer told The Register. This layer is in addition to antivirus (AV) products, which should detect and then quarantine malicious code, thus stopping ransomware from getting through the door. But if AV was entirely successful, we wouldn't see any ransomware attacks. Instead, we have daily headlines and growing numbers of data-encrypting and extortion incidents. Google Drive's new AI-powered detection "helps to stop ransomware from doing what it must to be most effective: corrupt important files and make them unusable," Camery and Behr wrote.

Google Drive for desktop gets AI-powered ransomware detection

Google has begun rolling out a new AI-powered security feature for Google Drive desktop, which will automatically pause file syncing when it detects a ransomware attack to minimize impact. While this will not block ransomware from encrypting files on the infected computer, users' documents stored in Google Drive will be protected and can be easily restored on a different device or on the compromised computer after the malware infection has been resolved. The company stated that the feature utilizes a "specialized AI model" trained on "millions of real-world ransomware samples" to rapidly identify and respond to signs that a file has been maliciously altered. The anti-ransomware engine is also capable of adapting to new ransomware strains by incorporating new threat intelligence from online malware scanning service VirusTotal and continuously analyzing file changes. "When Drive detects unusual activity that suggests a ransomware attack, it automatically pauses syncing of affected files, helping to prevent widespread data corruption across an organization's Drive and the disruption of work," Google said on Tuesday. "Users then receive an alert on their desktop and via email, guiding them to restore their files. Unlike traditional solutions that require complex re-imaging or costly third-party tools, the intuitive web interface in Drive allows users to easily restore multiple files to a previous, healthy state with just a few clicks." This new capability is toggled on by default for all Google Drive users on Windows and macOS systems, but IT administrators can turn off ransomware detection (from Admin console > Apps > Google Workspace > Settings for Drive and Docs > Malware and Ransomware) and file restoration (from Admin console > Apps > Google Workspace > Settings for Drive and Docs > Drive file restoration) capabilities if needed. Also, while syncing will be paused automatically on older versions, those who also want to enable ransomware detection alerts must install Google Drive version 114 or later on their computers. The new ransomware detection feature is available to Google Workspace users with Business Standard/Plus, Enterprise Starter/Standard/Plus, Education Standard/Plus, and Frontline Standard/Plus subscriptions. File restoration is available to all Google Workspace customers, Workspace Individual Subscribers, and users with personal Google accounts. Google added that it doesn't use the customers' data, such as prompts and generated outputs, to train and fine-tune its generative AI models or for advertising purposes without permission. Microsoft also provides ransomware detection and recovery for Microsoft 365 subscribers who use OneDrive to store and sync their files in the cloud. Dropbox, another popular cloud storage service, has a similar feature available to teams with Standard, Business, Advanced, or Enterprise subscriptions.

Google launches AI ransomware detection in Drive desktop, trained on millions of attack samples

Serving tech enthusiasts for over 25 years. TechSpot means tech analysis and advice you can trust. Connecting the dots: Ransomware has become one of the most devastating threats in the digital era, locking away critical files and demanding costly payouts. When combined with AI and cloud computing, the risks and stakes raise even higher. However, Google is betting that AI models can play a crucial role in protecting users' data, even during an active ransomware attack. Google believes that the constantly evolving ransomware threat requires a novel approach to prevention and detection. To that end, the company has announced a new AI-powered anti-ransomware feature for its Drive desktop utility, designed to stop file-encrypting malware even after it has breached a system. Ransomware remains one of the most dangerous threats facing organizations and individual users. These attacks can cause significant financial losses, disrupt business operations, and compromise sensitive data. Industries ranging from healthcare, retail, and education to manufacturing and government have all been affected. To address this, Google is enhancing Drive with an AI-based detection system that can automatically pause file synchronization if a ransomware infection is detected. According to the company, native Workspace documents and ChromeOS are largely safe from such attacks, but major desktop platforms like Windows and macOS may benefit from this additional layer of protection. Google describes this as an "entirely new" layer of anti-ransomware defense, designed to work alongside traditional anti-malware protections. The company trained its AI model on millions of real-world ransomware samples, making it capable of detecting the strongest indicators of new ransomware infections. Furthermore, the model is being continuously improved by analyzing new samples going through the VirusTotal platform. Google said that the new protection is based on a "detection engine" that can incorporate new VT threat intelligence, which sounds more like a traditional anti-malware product than a hallucination-prone AI model. Importantly, Google emphasizes that the new AI model is not trained on customer data. Users' files are not used to train or fine-tune the system unless explicit permission has been granted. According to Bob O'Donnell, chief analyst at Technalysis Research, the feature "is great not only for Google Workspace users but individuals and companies who may use other office productivity suites as well." Currently available in open beta, the AI-powered ransomware protection can also restore unencrypted files from the cloud during an active infection. Administrators will have access to added controls, with Workspace's Admin Console delivering alerts when ransomware activity is detected across their networks.

Google Drive upgrades with AI that spots ransomware before it spreads

Ransomware is a threat that can disrupt businesses and cause real problems for everyday people. When you suddenly lose access to important files, such as family photos, schoolwork, or financial documents, the impact is immediate and personal. As this risk is growing, Google is introducing an AI-powered system in Drive for desktop that can detect ransomware activity early and help users recover before the damage spirals out of control. Google is embedding a new layer of protection into Drive for macOS and Windows that watches for mass file encryption or corruption, a behavior that typically signals a ransomware attack, as per the company's blog post. Instead of hunting for malicious code (the traditional antivirus approach), this AI model monitors how files are changing. Once it spots suspicious patterns -- usually after just a few files begin scrambling -- it pauses syncing between your device and the cloud. That creates a barrier, so the compromised files can't overwrite the clean ones in Drive. After that, Google gives you a chance to restore things to normal. You'll receive alerts on your desktop and in your inbox, and you can use a new, user-friendly web interface within Drive to revert to a safe version of your files. This avoids the need for complex re-imaging or third-party tools, reducing downtime and data loss. The cost of attacks and why AI fills the gap Ransomware remains a serious threat. In 2024, 21% of intrusions tracked by Mandiant involved ransomware, and the average cost per incident topped $5 million. Many organizations, particularly in sectors such as healthcare, retail, education, manufacturing, and government, feel this acutely. What often gets overlooked is the phase that occurs after an attack begins but before it fully contaminates your data. Google's logic: antivirus tools try to block threats at the entry point; backup systems help you recover after the damage is done. However, there's a gap between those two, where AI protection resides. Google isn't pitching this as a replacement for antivirus or endpoint detection/response (EDR) systems -- it's explicitly a supplement. You still need multiple layers of defense, but this adds a catch-before-it 's-too-late buffer. One point to note: the tool focuses on the types of files that ransomware tends to target -- things like Office documents and PDFs -- rather than Google's own native Docs/Sheets, which already have built-in protections. Additionally, Google states that it doesn't collect user data or prompts to train its AI models (at least not without explicit permission). This AI ransomware detection is launching initially as an open beta. For most Google Workspace commercial customers, this feature is included at no additional charge. Individual users also gain access to the file-restore capability without incurring an additional cost. Right now, there's no word on whether Google will extend similar protections to its Cloud Storage product (used by enterprises).

Google updating Drive for desktop with AI ransomware detection

Google Drive for desktop on macOS and Windows is adding AI-powered ransomware detection that can stop syncing and allows for easy file restore. This new approach complements antivirus software. However, if ransomware (malicious software that prevents access to your data) bypasses that layer of protection, Google will "stop it from being effective." You're instructed to first "remove the ransomware from your computer," and delete the corrupted files. Drive for desktop is leveraging an AI model to identify attempts to bulk encrypt or corrupt files. Trained on millions of real-world ransomware samples, this detection engine is "continuously analyzing file changes and incorporating new threat intelligence from VirusTotal." When unusual activity is detected, Drive automatically "pauses syncing of affected files, helping to prevent widespread data corruption across an organization's Drive and the disruption of work." Users will receive a prominent desktop notification when this occurs, as well as an email, on how to restore their files "to a previous, healthy state with just a few clicks." (In companies, IT admins will also be alerted.) Google says Drive is more user-friendly than "complex re-imaging or costly third-party tools." This rapid recovery capability helps to minimize user interruption and data loss, even when using traditional software such as Microsoft Windows and Office. AI ransomware detection in Drive for desktop is rolling out starting today in open beta: "It is included in most Workspace commercial plans at no additional cost. Consumers also benefit from the file restoration capability at no additional cost."

Google rolls out Drive updates to block huge ransomware attacks

Microsoft Windows and Office continue to be central targets for ongoing ransomware threats Ransomware continues to cause disruption across industries, with incidents reported in healthcare, retail, education, manufacturing, and government. Financial losses can exceed millions of dollars per case, and recovery often takes time that organizations cannot afford. Although native Google Workspace files, such as Docs and Sheets, have not been affected by ransomware, formats like PDF and Office documents remain vulnerable. The company has positioned its new protection tools as a response to this ongoing risk, as Google Drive for desktop now includes artificial intelligence designed to detect ransomware activity before it can damage data stored in the cloud. Instead of attempting to block every malicious program before activation, the system looks for suspicious encryption attempts and halts syncing immediately. By cutting off synchronization, Google says it can prevent ransomware from spreading through an organization's files. Users are then presented with options to restore their data to a safe state without relying on external tools. For administrators, alerts are issued through the Admin console, offering visibility into suspicious activity. IT teams can review logs, decide whether to allow restoration, and maintain oversight of affected accounts. The system operates on both Windows and macOS devices, with detection models trained on millions of samples. Google states that continuous updates from threat intelligence services like VirusTotal help refine detection and adapt to new attack techniques. The announcement stresses that ransomware is not only an IT problem but one that interrupts core business operations. Google's AI-based approach aims to provide a safety net after an intrusion has occurred, whereas traditional methods focus on prevention alone. In theory, combining antivirus defenses with new cloud-level interventions could reduce damage, although it remains uncertain how well these systems will hold up against increasingly complex attacks. While Google presents its tool as a breakthrough, no single technology guarantees full protection. Organizations still depend on layered security practices such as malware removal, secure authentication, and the use of password managers to guard against intrusions. "By seamlessly integrating AI-powered ransomware detection and restore capabilities into Drive, Google is helping organizations with an innovative way to avoid an increasingly common and increasingly dangerous threat while also giving end users the ability to continue working," said Bob O'Donnell, President and Chief Analyst, TECHnalysis Research. "This is great not only for Google Workspace users but individuals and companies who may use other office productivity suites as well."

Google Debuts New Ransomware Protection: 5 Things To Know

New AI-powered capabilities in Google Drive aim to block ransomware from spreading after a malicious change to a file is detected. Google unveiled what it's calling a new approach to combating ransomware Tuesday, with the debut of AI-powered capabilities in Drive that aim to halt an attack before it can do serious damage. The new functionality in Google Drive is capable of blocking ransomware proliferation after a malicious change to a file is detected, the company said. [Related: 5 Big Google Cloud Security Announcements At Next 2025] "It's clear to us that there's kind of a fundamental flaw in the status quo [of] ransomware protections," said Luke Camery, lead group product manager for Google Workspace, during a briefing with media outlets. "Either they're entirely focused on treating ransomware like an antivirus problem, or they assume that you've already been hit and they treat it like a backup and recovery problem." The new ransomware protection capabilities are now available for Google Drive for desktop as an open beta, the company said. The functionality will be included in "most" Workspace commercial plans for free, according to Google. What follows are five things to know about Google's new ransomware protection capabilities. Aimed At Mixed Google-Microsoft Environments While Google Drive is typically not directly targeted by ransomware actors, many organizations are using mixed environments that might end up making Drive more vulnerable, Camery said. For instance, many Google Workspace customers actually work with Microsoft Office files, he said -- something that Workspace supports so that files don't need to be converted into Google formats. "Where this [ransomware protection] idea came from, frankly, is that we have a lot of customers who dual-use Workspace with the Microsoft Office editors," Camery said. "Microsoft Office [frequently] carries malware, or VBA macros delivered with Office can hit you with a malware [or ransomware attack." Google recognizes that many of its customers are not entirely using Drive -- and given that, the company wanted to provide an "organization-wide safe haven and additional layer of protection" against the ransomware threat, he said. "This is really for those customers who are operating multiple environments," Camery said. Ransomware Detection The new functionality works by using a specialized AI model -- trained on a sizable number of ransomware samples -- to spot signals of malicious modification of a file, according to Google. The AI model is thus able to detect the core indications that ransomware deployment is underway by spotting attempts to corrupt or encrypt a large amount of files, Google executives said. The capabilities continuously analyze file changes while also leveraging updated VirusTotal threat intelligence, the company said. File Restoration Once a malicious file change is detected, Google Drive will then automatically pause the syncing of affected files, according to Google. This effectively prevents the encryption or corruption of data across the customer's Drive accounts, Google said. At that point, a user will receive an alert -- displayed on their desktop and sent to their email -- which will guide them through the process of restoring their files, the company said. A Different Approach Google is specifically not trying to enter the traditional endpoint security space in terms of its approach to stopping ransomware, Camery said. "We don't look for malware or ransomware itself," he said. "We're not looking for signatures of known ransomware. We're not patterning this on any existing attack." Instead, "this is meant to just look at, are the changes being made to files something that we think are malicious and destructive? Or are these normal changes made by a user?" Camery said. In many ways, "we're actually assuming that you've already been infected by ransomware," he said. "So we're trying to stage this much later in the attack life cycle than our competitors." Industry Adoption Ahead? Google believes that its new approach for blocking ransomware proliferation will be emulated by other industry vendors in the future, Camery said. "We've seen at least one competitor signal that they intend to do things like this," he said. "The closest thing that we've seen is that some competitors allow you to set heuristics that attempt to look for similar signals that we're looking for with our AI." However, "it's not as comprehensive, and you would need to define it in your endpoint protection," Camery said. "In terms of, do we expect people to follow suit? I would expect all the other content providers to launch something like this."

Google Drive Adds AI to Block Ransomware and Restore Files Easily

What we're announcing today is an entirely new layer of defense. While AV solutions continue their work to stop ransomware from getting in, we've built the protections to stop it from being effective once it is, inevitably, through the door. Our AI-powered detection in Drive for desktop identifies the core signature of a ransomware attack -- an attempt to encrypt or corrupt files en masse -- and rapidly intervenes to put a protective bubble around a user's files by stopping file syncing to the cloud before the ransomware can spread. This helps to stop ransomware from doing what it must to be most effective: corrupt important files and make them unusable. In addition, the built-in virus detection in Drive, as well as in Gmail and Chrome, helps to prevent ransomware from spreading to other devices with the aim of taking over an entire network. As a result, these defenses can help organizations in industries such as healthcare, retail, education, manufacturing, and government from being disrupted by the types of ransomware attacks that have been so destructive up to this point. How it works Drive for desktop, available on Windows and macOS, is used to efficiently and securely sync user files and documents to the cloud. It can be also used as a critical line of defense against malware and ransomware attacks. With that in mind, we've built a specialized AI model, trained on millions of real-world ransomware samples, to look for signals that a file has been maliciously modified. The detection engine adapts to novel ransomware by continuously analyzing file changes and incorporating new threat intelligence from VirusTotal. When Drive detects unusual activity that suggests a ransomware attack, it automatically pauses syncing of affected files, helping to prevent widespread data corruption across an organization's Drive and the disruption of work. Users then receive an alert on their desktop and via email, guiding them to restore their files. Unlike traditional solutions that require complex re-imaging or costly third-party tools, the intuitive web interface in Drive allows users to easily restore multiple files to a previous, healthy state with just a few clicks. This rapid recovery capability helps to minimize user interruption and data loss, even when using traditional software such as Microsoft Windows and Office. For IT teams, administrators maintain the visibility and control they need by receiving alerts in the Admin console for detected ransomware activity. Administrators can leverage the security center to review the audit log with detailed information. This new capability is on by default for all customers, but administrators have the controls to disable detection and restoration capabilities for end users, if needed. As a reminder, Google does not use customer data, including prompts and generated outputs, for advertising purposes or to train or fine-tune any of its generative AI models without customer permission or instruction. "By seamlessly integrating AI-powered ransomware detection and restore capabilities into Drive, Google is helping organizations with an innovative way to avoid an increasingly common and increasingly dangerous threat while also giving end users the ability to continue working. This is great not only for Google Workspace users but individuals and companies who may use other office productivity suites as well" - Bob O'Donnell, President and Chief Analyst, TECHnalysis Research.

Block ransomware proliferation and easily restore files with AI in Google Drive

By Kristina Behr and Luke Camery Ransomware remains one of the most damaging cyber threats facing organizations today. These attacks can lead to substantial financial losses, operational downtime, and data compromise, impacting organizations of all sizes and industries, including healthcare, retail, education, manufacturing, and government. In fact, intrusions related to ransomware represented 21% of all the intrusions observed by Mandiant last year, with an average ransomware or extortion incident cost exceeding $5M. While native Workspace documents (e.g., Google Docs, Sheets) are not impacted by ransomware and ChromeOS has never had a ransomware attack, ransomware is a persistent threat for other file formats (e.g., PDF, Microsoft Office) and desktop operating systems (e.g., Microsoft Windows). That's why we're enhancing Google Drive for desktop with AI-powered ransomware detection to automatically stop file syncing and allow users to easily restore files with a few clicks. Users see this notification in Drive for desktop when ransomware has been detected on their device, automatically pausing file syncing to the cloud. The traditional approach to fighting ransomware falls short To-date, ransomware has largely been treated as an antivirus (AV) issue: seek out potentially malicious code before it's activated and quarantine it. This is an important and necessary defense, but with the continued success of ransomware attacks over the last few years, it's clear this approach is insufficient. Especially when ransomware is no longer just an IT issue; it has become increasingly disruptive for core business operations, such as manufacturing lines, retail operations, or hospital services. We believe that it's paramount to find a better way to fight ransomware. What we're announcing today is an entirely new layer of defense. While AV solutions continue their work to stop ransomware from getting in, we've built the protections to stop it from being effective once it is, inevitably, through the door. Our AI-powered detection in Drive for desktop identifies the core signature of a ransomware attack -- an attempt to encrypt or corrupt files en masse -- and rapidly intervenes to put a protective bubble around a user's files by stopping file syncing to the cloud before the ransomware can spread. This helps to stop ransomware from doing what it must to be most effective: corrupt important files and make them unusable. In addition, the built-in virus detection in Drive, as well as in Gmail and Chrome, helps to prevent ransomware from spreading to other devices with the aim of taking over an entire network. As a result, these defenses can help organizations in industries such as healthcare, retail, education, manufacturing, and government from being disrupted by the types of ransomware attacks that have been so destructive up to this point. How it works Drive for desktop, available on Windows and macOS, is used to efficiently and securely sync user files and documents to the cloud. It can be also used as a critical line of defense against malware and ransomware attacks. With that in mind, we've built a specialized AI model, trained on millions of real-world ransomware samples, to look for signals that a file has been maliciously modified. The detection engine adapts to novel ransomware by continuously analyzing file changes and incorporating new threat intelligence from VirusTotal. When Drive detects unusual activity that suggests a ransomware attack, it automatically pauses syncing of affected files, helping to prevent widespread data corruption across an organization's Drive and the disruption of work. Users then receive an alert on their desktop and via email, guiding them to restore their files. Unlike traditional solutions that require complex re-imaging or costly third-party tools, the intuitive web interface in Drive allows users to easily restore multiple files to a previous, healthy state with just a few clicks. This rapid recovery capability helps to minimize user interruption and data loss, even when using traditional software such as Microsoft Windows and Office. Users can easily restore multiple files to a previous, healthy state with Google Drive. For IT teams, administrators maintain the visibility and control they need by receiving alerts in the Admin console for detected ransomware activity. Administrators can leverage the security center to review the audit log with detailed information. This new capability is on by default for all customers, but administrators have the controls to disable detection and restoration capabilities for end users, if needed. As a reminder, Google does not use customer data, including prompts and generated outputs, for advertising purposes or to train or fine-tune any of its generative AI models without customer permission or instruction. An alert in the Admin console showing a notification for detected ransomware "By seamlessly integrating AI-powered ransomware detection and restore capabilities into Drive, Google is helping organizations with an innovative way to avoid an increasingly common and increasingly dangerous threat while also giving end users the ability to continue working. This is great not only for Google Workspace users but individuals and companies who may use other office productivity suites as well" - Bob O'Donnell, President and Chief Analyst, TECHnalysis Research. Next steps Rolling out starting today in an open beta, this capability is one of the many enterprise-grade security controls in Drive that provide robust protection of sensitive data and business continuity for organizations of all sizes. It is included in most Workspace commercial plans at no additional cost. Consumers also benefit from the file restoration capability at no additional cost. Learn more about these new capabilities and download Drive for desktop today. (The author are Kristina Behr, VP Product Management, Google Workspace and Luke Camery, Lead Group Product Manager, Google Workspace and the views expressed in this article are their own)