Quite a lot of our day-to-day workflow now happens in the Cloud, whether by convenience or necessity. As with any mass storage medium, this leaves our precious files open to attack from cybercriminals. Ransomware targets files, both online and offline, and a storage service like Google Drive is no exception. Google knows this and has made ransomware detection and restoration widely available.
In this article, we’ll be looking at Google Drive ransomware detection and restoration, and what they entail.
Google Gets Serious With Ransomware
Early adopters of Google’s ransomware technology will tell you that this development has been in the works (and Beta, specifically) since 2025. This year, the technology has been rolled out on a large scale, with an AI now 14 times more effective at detecting ransomware attacks than it was in testing. Users of Google Drive V.114 and newer will be eligible.
It’s similar to product offerings being rolled out by Dropbox and Microsoft for their subscribers. But what does each service entail?
Google Drive Ransomware Detection
Let’s start with the first service: ransomware detection. This technology applies to those who have the Google Drive desktop client installed on their machine. In addition, this part of the service is available only to enterprise and individual subscribers, including:
- Business Standard and Plus users.
- Enterprise Standard and Plus users.
- Frontline Standard and Plus users.
- Education Standard and Plus users.
Admins will have to activate this service to apply to all users, and it can be disabled and enabled from the Admin Settings under the “Drive and Docs” section of “Google Workspace.”
Whenever the client AI detects suspicious activity on the Google Drive, a notification will pop up on the user’s desktop. Files are scanned automatically with the feature enabled, and any form of ransomware encryption will trigger the sensor. Files will stop syncing to contain the damage, and a message will be sent to the admin.
In the case of false positives, a user can flag the situation as such, and a 24-hour cooldown period will allow them to keep syncing with the detection disabled.
Google Drive File Restoration
The second feature, Google Drive File Restoration, is available to all users of Google Drive on Desktop. While ordinary users won’t have their Drive constantly scanned, backups of all their folders and files will be kept by Google, in case of a ransomware encryption attack, backups are available to negate the damage. It doesn’t prevent the attack, but provides the cure.
All backups are stored for 25 days at a time, enabling bulk restoration if anything goes wrong. Google will offer a detailed walkthrough to users, instructing them on how to restore files step-by-step. It’s a handy feature, and it doesn’t hurt that it’s available to all and is enabled by default.
Thanks for your feedback!
