Google Introduces Advanced Ransomware Defense and Recovery Features in Drive


Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations globally.

Originally launched for beta testing in September 2025, these security enhancements are designed to minimize the destructive impact of malware attacks on both personal and corporate endpoints.

The Admin console setting for ransomware detection (Source: Google)

The general availability release brings massive upgrades to Google’s threat detection engine. Powered by an updated AI model, the system now identifies 14 times more infections than the previous beta version.

The Admin console setting for Drive file restoration (Source: Google)

It recognizes a much wider variety of modern ransomware encryption methods and detects malicious behavior significantly faster, providing comprehensive protection against rapidly evolving threat actors.

Alert detail on the ransomware detection (Source: Google)

Throughout the testing phase, thousands of users successfully verified the file restoration process, proving the architecture is highly scalable and reliable during critical incident response scenarios.

Core Defense Capabilities

Google’s updated security suite introduces three primary mechanisms to halt active attacks and recover compromised data efficiently:

  • Automated Ransomware Detection: When malicious encryption behavior is identified on a machine running Google Drive for desktop, the application immediately pauses file syncing to prevent corrupted files from overwriting clean cloud backups.
  • Dual Notification System: The system triggers an immediate local desktop warning for the end user while simultaneously sending email notifications and logging a detailed alert in the Admin console security center.
  • Bulk File Restoration: Victims can seamlessly roll back their impacted Google Drive to a previous, unencrypted state to avoid paying ransom demands. Users can select multiple affected files and restore them to the exact versions that existed right before the malware infection occurred.

For IT and security teams, deploying these new defences requires minimal overhead. Both ransomware detection and file restoration are enabled by default across the organisation.

Administrators maintain granular control and can toggle these protections on or off at the Organizational Unit (OU) level through the Google Workspace Admin console.

Interface to assist with file recovery (Source: Google)

When the system identifies a potential threat, administrators receive automated email warnings alongside detailed diagnostic data within the Alert Center.

To ensure complete functionality, organizations must deploy Google Drive for desktop version 114 or later.

While older client versions will still successfully pause file syncing during an attack, they lack the capability to display endpoint warning notifications to the end user.

Licensing and Availability

Access to these security tools depends on the specific account type and subscription tier.

The bulk file restoration capability is universally available to all Google Workspace customers, Workspace Individual subscribers, and users with standard personal Google accounts.

Automated ransomware detection requires specific organizational licensing tiers:

  • Business: Available for Business Standard and Plus
  • Enterprise: Available for Enterprise Starter, Standard, and Plus
  • Education: Available for Education Standard and Plus
  • Frontline: Available for Frontline Standard and Plus
