Google Drive Uses AI to Detect Active Ransomware Attacks

Google is adding AI to Drive for desktop to automatically detect ransomware attacks.

Google is introducing AI-powered ransomware protection in Drive for desktop. The new feature detects suspicious activity, automatically pauses file synchronization, and helps users quickly restore affected files.

On the Desktop

The feature is available for Windows and macOS via Drive for desktop. The built-in AI was trained on millions of ransomware examples and detects attempts to encrypt or corrupt multiple files at once. When such an attack is detected, the app automatically pauses synchronization with the cloud. This prevents corrupted files from spreading further within the organization.

Users receive a notification on their desktop and via email. Through the Google Drive web interface, they can then restore multiple files at once to a previous version. This restore capability also works for traditional file formats such as PDFs or Microsoft Office files. According to Google, this reduces the impact of an attack, especially for organizations working with classic desktop environments.

Additional Protection

The AI detection works in addition to the existing malware protection in Gmail, Chrome, and Google Drive itself, which prevents infected files from spreading across the network. This solution does not eliminate the source of the attack. Recovery only comes into play once the attack has actually been stopped and systems are clean again.

IT administrators receive alerts about detected ransomware via the Admin console, where they also find log files with details about the attack. They can use these to further mitigate the incident.

Enabled by Default

The feature is enabled by default for all customers but can be manually disabled via the admin settings. Google emphasizes that it does not use customer data for advertising purposes or AI training without explicit consent.

The new protection is currently rolling out in open beta and is available at no extra cost for most business Workspace plans. Consumers can also use the restore option.

A (not) Brand-New Defense Layer

Google is marketing the protection as a special new layer that goes beyond endpoint antivirus. The company calls it a “completely new layer of defense.” While Drive for desktop offers relevant ransomware protection for heavy Drive users, that claim isn’t accurate.

Microsoft has offered similar ransomware protection via Defender for Endpoint since mid-2024, which you can enable directly on Windows. As far back as 2018, Sophos introduced Intercept X and CryptoGuard, a solution that could detect ransomware activity in real time. It’s therefore more accurate to say that Google is building on an existing ransomware approach based on detecting encryption activity and safeguarding files.