Google Drive is enhancing its desktop application with a new feature designed to detect ransomware activity. This feature utilizes an artificial intelligence model that has been trained on a vast dataset of ransomware samples to identify signs that a file may have been tampered with maliciously. If the AI detects potential ransomware behavior—such as attempts to encrypt multiple files—it will automatically cease syncing the affected Drive files, notify users via desktop alerts and email, and enable file restoration to a previous version.
Today marks the beginning of an open beta rollout for this feature, with Google’s Luke Camery indicating during a press briefing that it is expected to be fully available by year-end.
According to Google, “We’ve built a specialized AI model, trained on millions of real-world ransomware samples, to look for signals that a file has been maliciously modified.” The detection mechanism adapts to new types of ransomware by consistently reviewing file changes and integrating fresh threat intelligence from services like VirusTotal. In cases of suspicious activity indicative of a ransomware attack, Drive will automatically halt syncing on affected files to prevent widespread data loss and minimize workplace disruption.
Ransomware incidents are on an upward trajectory, with the Office of the Director of National Intelligence documenting 5,289 ransomware attacks globally in 2024—a 15 percent increase compared to 2023.
