Flat vector illustration of a hand holding money for paying the key from hacker for unlock folder.
Image: nicescene/Adobe Stock

Google is deploying an update to Drive for desktop that uses AI to analyze files for abnormal behavior, creating a line of defense against ransomware between antivirus scans and recovery, and backup solutions. The new ransomware detection is “an alarm system that traps attackers in your entranceway,” said Luke Camery, lead group product manager at Google Workspace, in a press briefing.

1
TitanHQ

Company Size

Employees per Company Size

Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+)

Micro (0-49 Employees), Enterprise (5,000+ Employees)
Micro, Enterprise

Features

Data Security, Email Security

2
Rippling IT

Company Size

Employees per Company Size

Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+)

Any Company Size
Any Company Size

Features

Activity Monitoring, Dashboard, Data Security, and more

3
NordLayer

Company Size

Employees per Company Size

Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+)

Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees)
Small, Medium, Large, Enterprise

Features

Firewall

Users can manually restore files in Drive for desktop

The new layer of protection combines the capabilities of Google’s VirusTotal with AI predictions about abnormal, red-flag changes to files. The AI system was trained on millions of examples of malware, Camery and Google Workspace VP of Product Management Kristina Beht said. It looks for signs such as converting from a human-readable PDF to an obfuscated one, or identifies potentially malicious file types.

The new method builds on the AI anti-phishing measures Google introduced in Gmail last year.

If Drive detects ransomware, it will alert the user and lock up any files that may have been impacted. The user can open up a dashboard to manually view different versions of their files until they find a clean copy to restore.

If malware is detected, a pop-up in Google Drive guides the user through the process of restoring their files. Source: Google
If malware is detected, a pop-up in Google Drive guides the user through the process of restoring their files. Source: Google

Drive stores old versions of files for up to 25 days, allowing users to choose to restore any version up to 25 days old.

“This solution operates at a fundamentally different altitude than status quo solutions, using the most cutting-edge AI to adapt quickly and restore a customer’s peace of mind. What we’re delivering today is not an incremental improvement … it’s a critical new layer of defense delivered at no extra cost to our customers,” said Beht.

The AI component isn’t trained on characteristics of specific ransomware, the Google representatives said. Instead, it focuses only on what is being done to files, and whether an activity might be suspicious. The new ransomware detection capability was trained on a wide variety of file types commonly used at work, ranging from CAD to text.

“We can do just about anything other than binary or a file that was already encrypted,” said Camery.

It also won’t catch infiltration, he added.

Beta open now

The ransomware detection capability is available in beta starting Sept. 30 in Google Drive for desktop on Windows or macOS. All subscribers to the Business Standard tier or above will receive it as part of their subscription at no additional cost.

The feature is expected to enter general availability by the end of 2025.

Google’s new Data Commons MCP Server makes it easier for AI agents to check their work against public datasets.