Particle.news

Download on the App Store

Google Rolls Out AI Ransomware Detection in Drive for Desktop Open Beta

An AI model trained on millions of samples halts Drive sync at early signs of encryption to enable rapid rollback.

Overview

  • The feature begins rolling out globally today in open beta, is enabled by default at no extra cost for most Workspace customers, and Google targets general availability by year-end.
  • Drive for desktop detects rapid, mass file encryption, pauses syncing after only a few affected files, and alerts users via desktop notification and email.
  • A guided restoration workflow in Drive’s web interface lets users revert corrupted items to healthy versions, while admins receive console alerts and can review audit logs.
  • The detection engine is trained on millions of real ransomware samples and continuously incorporates VirusTotal intelligence to recognize novel behaviors.
  • Protection applies only to files synced through Drive for desktop on Windows and macOS and is designed to complement antivirus and EDR rather than replace them.