Enhanced Ransomware Protection in Google Drive Powered by AI

Google Workspace administrators now have access to generally available, advanced ransomware detection and file restoration features within Google Drive. These enhancements, significantly bolstered by machine learning, aim to provide robust protection against malware attacks and simplify recovery processes for organisations.

The Power of AI in Ransomware Detection

Previously in beta, the ransomware detection and file restoration capabilities have now transitioned to general availability, bringing with them substantial improvements in malware identification. A core component of this advancement is a refined artificial intelligence model. This updated model is now capable of detecting fourteen times more infections than its predecessor, offering a more comprehensive layer of security for organisational data stored in Google Drive.

This sophisticated detection mechanism is crucial for minimising the impact of ransomware. When a ransomware threat is identified on a user's computer running Google Drive for desktop, file synchronisation is automatically paused. This immediate action prevents the further spread of encrypted files. Both the affected user and administrators receive prompt notifications. Administrators will find alerts within the Admin Console's security centre, complemented by notification emails, ensuring timely awareness and response.

Streamlined File Restoration

Beyond detection, the file restoration feature provides a critical recovery tool. Organisations can now efficiently restore multiple files to a state prior to any ransomware infection. This bulk restoration capability is designed to save significant time and resources, allowing for quick recovery without the need to consider ransom payments.

This functionality has undergone extensive testing by thousands of users during its beta phase, demonstrating its scalability and reliability in real-world scenarios. It empowers users and administrators to revert files to an uncompromised version with ease, maintaining business continuity.

Administrator Controls and Availability

Administrators retain full control over these security features through the Admin Console. Ransomware detection is enabled by default for users across an organisation but can be managed at the Organisational Unit (OU) level. This setting is located under Admin Console > Apps > Google Workspace > Settings for Drive and Docs > Malware and Ransomware.

Similarly, Drive file restoration is also on by default and can be configured at the OU level via Admin Console > Apps > Google Workspace > Settings for Drive and Docs > Drive file restoration. To ensure users receive detection alerts, it is essential that they are running Google Drive for desktop version 114 or later, although file syncing will still be paused on older versions if ransomware is detected.

Availability details are as follows:

• File Restoration: Available to all Google Workspace customers, Workspace Individual subscribers, and users with personal Google accounts.
• Ransomware Detection: Available to customers with Business Standard and Plus, Enterprise Starter, Standard, and Plus, Education Standard and Plus, and Frontline Standard and Plus editions.

These AI-powered security enhancements represent a significant step in safeguarding organisational data within Google Drive, offering administrators more robust tools to manage and mitigate cybersecurity threats effectively.