Overview
- The feature is available now in open beta for Drive for desktop on Windows and macOS, with Google aiming for general availability by year’s end.
- It is included at no additional cost for most Workspace commercial plans and is enabled by default, while consumers also get file restoration capabilities.
- A proprietary AI model trained on millions of real ransomware samples uses behavioral signals and threat intelligence from VirusTotal and Mandiant inputs to spot rapid mass encryption and typically halt syncing after three to five files.
- Users receive desktop and email alerts with a guided restoration flow to revert files to healthy versions, and administrators get console alerts, audit logs, and the option to disable the feature.
- Protection applies only to files synced via Drive for desktop and is intended to complement antivirus, EDR, and backups, with infected endpoints needing remediation before recovery.