Google releases AI-powered ransomware detection features for cloud files

imaginima/E+/Getty Images ZDNET's key takeaways Google is adding ransomware detection to its Drive for desktop utility. The feature uses AI to detect likely attacks and stop syncing encrypted files. It's available as a beta release today for commercial customers at no extra cost. To an organization, nothing is more disruptive than falling victim to a ransomware attack. A successful attack means that the organization's files are forcibly encrypted and their business grinds to a halt until they pay a ransom or restore a backup. That's bad for profits if you're running a factory that manufactures widgets, but ransomware can kill people if the target is a hospital or healthcare system -- and there were more than 1,000 such attacks against healthcare providers in the U.S. alone between 2010 and 2024. Also: Phishing training doesn't stop your employees from clicking scam links - here's why Recovering from a ransomware attack is possible if an organization has good backups, but that's a time-consuming process. It's also expensive, with the typical cost of a ransomware incident measured in the millions of dollars. It's much more effective to stop the malicious code before it can corrupt the organization's files and render them unusable. That's the goal of a new feature that Google announced today for enterprise customers using its Google Drive cloud storage products with Google Workspace. The new feature adds AI-powered ransomware detection to the Drive for desktop sync utility on Windows and MacOS computers, automatically pausing the sync process when it detects activity that is characteristic of a ransomware attack. When the Drive for desktop utility detects a ransomware attack, it stops syncing and displays this notice. Screenshot courtesy of Google It's the latest escalation in a battle with global criminal organizations that are increasingly using AI-based tools to develop and spread their malware. According to Google, its new AI model has been trained on millions of real-world ransomware samples, drawn from its VirusTotal database. The detection engine looks for "signals that a file has been maliciously modified," stopping the sync process and alerting the user. At that point, Google claims, the recovery process "allows users to easily restore multiple files to a previous, healthy state with just a few clicks." Google Drive users can recover from a ransomware attack by restoring original, untampered files from the cloud. Screenshot courtesy of Google The detection also alerts administrators, who can review audit logs with more detailed information. According to the company, this feature is on by default for all customers with commercial Google Workspace plans, at no additional cost. Admins can disable detection and restoration capabilities for end users from the Workspace management console. Other cloud-based providers offer ransomware protection features, typically involving some form of versioning that allows an organization to roll back to an uncorrupted state and prevents ransomware from tampering with those backups. Microsoft OneDrive for Business, for example, has an exhaustive collection of procedures for Azure and Microsoft 365 administrators to follow. Dropbox offers ransomware detection as part of a security add-on that costs extra for Standard and Business plans but is included for free with Advanced and Enterprise plans. The Google features are available in a beta release that is available today as an update to the Drive for desktop utility on Windows and MacOS.