Ransomware attacks have loomed for years as an urgent digital threat with no easy solution—especially as they have evolved to include data grab-and-leak attacks that may not even involve data-encrypting malware at all. Traditional ransomware that locks up files and systems is still rampant, though, and Google on Tuesday launched a new defense for its Google Drive for desktop apps that aims to quickly detect ransomware activity and halt cloud syncing before an infection can spread.
While antivirus scanners monitor for signs of malware across a system, the new ransomware protections in Drive for desktop are meant to act as an additional line of defense. The detection capability is built on an AI model that Google trained using millions of real victims files that had been encrypted with various strains of ransomware. And the feature is designed to detect and contain suspected ransomware in desktop Drive very quickly. For enterprise Google Workspace customers, the feature is an asset, protecting files of any format that are stored in Drive for desktop and allowing users to easily restore any data that is encrypted or corrupted by malware. But like other ransomware detection and data backup features, the tool is a treatment not a cure.
“The innovative part is doing that real time detection and quickly stopping the sync to minimize the damage. That was what our customers were telling us they really wanted,” says Jason James, a product manager for Google Workspace. “You’ve got hundreds, millions, billions of users—and so to check every file quickly and accurately and wherever the user is around the world were all challenges.”
A warning that Drive for desktop has detected ransomware and paused cloud syncing. Courtesy of Google
Designed to work in tandem with the malware monitoring tools that Google already builds into Drive, Chrome, and Gmail, the protection was built using the expertise of Google's core antivirus software development team, James notes.
“For me, the coolest part is that we can take this AI-based way of detecting ransomware behavior and then we can pair it with protecting the user’s data so we minimize the damage,” James says. “We see it as a missing safety net.”
The feature has some straightforward limitations, though. It is only relevant at all, of course, if a business or institution uses Drive for desktop in the first place—a not insignificant caveat when so much of enterprise software is still dominated by Microsoft. Additionally, Drive for desktop is an app for Windows PCs and Macs. If ransomware is tearing through digital files that aren't stored in Drive, Google has no ability to detect the infection.
Other cloud storage platforms, including Microsoft's OneDrive and Dropbox, offer features with similarities to the new Drive for desktop ransomware protection. And while detection and response are crucial components as defenders work to deter cybercriminals and empower victims to withhold ransom payments, the benefits and limitations of each individual tool serve as a reminder that there is still no panacea for the threat of ransomware.