Google is launching an AI-powered ransomware detection and intervention capability for Google Drive for Desktop, aimed at limiting the impact of ransomware’s payload that damages user data or system infrastructures. The app is available for Windows and macOS systems, although this feature is currently in open beta for public testing.
Google Drive Ransomware Recovery
Ransomware accounts for 21% of all intrusions in 2024, according to Google subsidiary Mandiant, with an average incident cost exceeding USD 5 million. This type of malware works by encrypting the victim’s files, rendering them unusable; attackers will then demand a ransom in exchange for keys or passwords to unlock these files. It is also one of the most popular forms of cyberattacks today.
While Google Workspace files (which are saved online) and ChromeOS are ransomware-proof – or so Google claims – the problem usually lies on the local files involving PDFs or Microsoft Office documents (.docx, .xlsx, .pptx, and more), which are used by malware to masquerade themselves under social engineering attacks; Windows being the most popular operating system in the world also doesn’t help the fact that it’ll be the primary target for hackers, too.
The way Google deals with ransomware attacks are straightforward: when ransomware is detected on the system, Google Drive simply pauses file syncing to limit the spread of corrupted files. Users are then provided with an option to restore previous file versions with a few clicks. Google says the system relies on a “proprietary AI model” trained on millions of “real-world ransomware samples,” with threat intelligence from VirusTotal. It monitors file changes to detect suspicious encryption activity and immediately intervenes to contain the attack.
Should the ransomware be detected on the system, users are notified through desktop alerts and email, while administrators can view incident logs and alerts in the admin console. This feature is enabled by default for Google Workspace customers, with options for administrators to adjust or disable it if needed; consumers also have access to the restoration function at no additional cost.
Pokdepinion: While this feature is great at speeding up the recovery process, having backup copies are always a good practice when the worst happens, be it businesses or home users.
