Ransomware, AI/ML, AI benefits/risks, Malware

Google adds AI-powered ransomware detection to Drive for Desktop

(Credit: monticellllo – stock.adobe.com)

Google is rolling out an AI-driven ransomware detection feature in Google Drive for Desktop that automatically pauses file syncing and alerts users when ransomware is detected.

The company announced Tuesday that it trained a specialized AI model on millions of real-world ransomware samples, and Drive for Desktop on Windows and macOS will use this model to identify signs of ransomware in files as they are being synced to the cloud.

If unusual file changes, such as encryption or corruption, are detected, file syncing will automatically be paused and the user will be alerted to the threat.

The alert shown in Google’s announcement provides steps for users to follow to restore their files and resume syncing, emphasizing that the user should ensure the ransomware is removed before syncing restarts. The warning also notes that Drive only stores old versions of files for 25 days, meaning recovery should be performed within that time period.

A recovery interface within Drive allows users to restore multiple files affected by ransomware to their unaffected versions, reverting malicious changes and preventing data loss, the company said.

“By seamlessly integrating AI-powered ransomware detection and restore capabilities into Drive, Google is helping organizations with an innovative way to avoid an increasingly common and increasingly dangerous threat while also giving end users the ability to continue working,” Bob O’Donnell, president and chief analyst at TECHnalysis Research, said in a statement accompanying the announcement.  

Google said its new AI-powered ransomware detection engine is continually updated with threat intelligence from VirusTotal, allowing it to respond to emerging ransomware strains. The feature is being rolled out in open beta at no extra cost for commercial Google Workspace users; file restoration is also available to consumer users at no extra cost, according to the announcement.

Google Workspace administrators will also receive ransomware alerts in the Admin console and can review related audit logs from the security center. Admins will have the ability to disable detection or restoration if needed, Google said.

Google has also been leveraging AI in its efforts to uncover vulnerabilities through projects including its Big Sleep AI agent and AI-enhanced fuzzing tool, OSS-Fuzz.   

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds