By Sergiu Gatlan, Bleeping Computer
Click here to read the entire article.
Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users.
Announced in September 2025, a beta version of this feature began rolling out to Google Workspace customers worldwide in early October.
Google Drive will immediately pause file syncing when it detects a ransomware attack, notifying users and IT admins of the breach and drastically minimizing the impact of such incidents.
While this will not prevent the files on the compromised computer from being encrypted, documents stored in Google Drive will be protected and can be quickly restored once the malware infection is resolved.
After an attack is blocked, users are also provided with detailed instructions for restoring corrupted files using the Drive restoration tool to undo ransomware changes.
“When ransomware detection is on, files are scanned for ransomware when they are synced from a desktop computer to Drive,” Google explains. “If ransomware-encrypted files are found, desktop sync is paused. The affected user gets an email alert and is notified in Drive, and an alert is created in the Google Admin console.”
“Compared to when the feature was in beta, we are now able to detect even more types of ransomware encryption and are able to do it faster. Our latest AI model is detecting 14x more infections, leading to even more comprehensive protection,” it added.
Google says the feature is now on by default for all users in organizations with business, enterprise, education, and frontline licenses, while the file restoration feature is available to all Google Workspace customers, Workspace individual subscribers, and users with personal Google accounts.