Google Drive adds AI ransomware detection to stop attacks before they spread

Google Drive is adding AI-powered ransomware detection to its desktop application, using a specialized model trained on millions of real-world ransomware samples to identify malicious file modifications before they spread. The feature automatically pauses file syncing when threats are detected, sends alerts to users, and enables file restoration, addressing the growing ransomware threat that saw 5,289 attacks worldwide in 2024—a 15% increase from the previous year.

How it works: Google’s AI model continuously monitors file changes on Windows and macOS systems to detect signs of ransomware activity like mass encryption or corruption attempts.

• When the system detects suspicious activity, it automatically stops syncing Drive files to prevent widespread data corruption across an organization.
• Users receive immediate notifications on their desktop and via email when potential ransomware is detected.
• The detection engine adapts to new ransomware variants by incorporating threat intelligence from VirusTotal, Google’s malware analysis service, and analyzing evolving file modification patterns.

Key details: The ransomware detection feature is launching in open beta today, with general availability planned by the end of 2024.

• Google trained the AI model specifically on “millions of real-world ransomware samples” to improve accuracy in identifying malicious modifications.
• The tool allows users to restore affected files to previous versions once an attack is detected and contained.
• The feature targets both individual users and organizations looking to protect their Google Drive data from ransomware attacks.

Why this matters: Ransomware attacks continue escalating globally, with the Office of the Director of National Intelligence reporting 5,289 incidents in 2024, representing a 15% year-over-year increase.

• Google’s proactive approach aims to prevent data loss before it occurs, rather than relying solely on post-attack recovery methods.
• The integration of AI-powered threat detection directly into cloud storage platforms reflects the evolving cybersecurity landscape where prevention is increasingly automated.

What they’re saying: “We’ve built a specialized AI model, trained on millions of real-world ransomware samples, to look for signals that a file has been maliciously modified,” Google explained in its blog post.

• Luke Camery from Google indicated the company’s commitment to making the feature generally available by year-end during a media briefing.
• “When Drive detects unusual activity that suggests a ransomware attack, it automatically pauses syncing of affected files, helping to prevent widespread data corruption across an organization’s Drive and the disruption of work,” the company stated.