Google Drive ransomware detection now on by default for paying users

bleepingcomputer.com · Brajeshwar · 5 days ago · view on HN · news
quality 7/10 · good
0 net
Tags
google malware microsoft node
Google Drive ransomware detection now on by default for paying users Home News Security Google Drive ransomware detection now on by default for paying users Google Drive ransomware detection now on by default for paying users By Sergiu Gatlan April 1, 2026 02:35 AM 0 Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. Announced in September 2025 , a beta version of this feature began rolling out to Google Workspace customers worldwide in early October. Google Drive will immediately pause file syncing when it detects a ransomware attack, notifying users and IT admins of the breach and drastically minimizing the impact of such incidents. While this will not prevent the files on the compromised computer from being encrypted, documents stored in Google Drive will be protected and can be quickly restored once the malware infection is resolved. After an attack is blocked, users are also provided with detailed instructions for restoring corrupted files using the Drive restoration tool to undo ransomware changes. "When ransomware detection is on, files are scanned for ransomware when they are synced from a desktop computer to Drive," Google explains . "If ransomware-encrypted files are found, desktop sync is paused. The affected user gets an email alert and is notified in Drive, and an alert is created in the Google Admin console." "Compared to when the feature was in beta, we are now able to detect even more types of ransomware encryption and are able to do it faster. Our latest AI model is detecting 14x more infections, leading to even more comprehensive protection," it added . Google says the feature is now on by default for all users in organizations with business, enterprise, education, and frontline licenses, while the file restoration feature is available to all Google Workspace customers, Workspace individual subscribers, and users with personal Google accounts. Although enabled by default for all users, admins can turn it off for their organizations in the Admin console under Apps > Google Workspace > Settings for Drive and Docs > Malware and Ransomware. While admins will have to install the latest version of Google Drive for desktop (v.114 or later) on all endpoints to enable detection alerts, file syncing will still be paused on older versions. Microsoft also provides OneDrive ransomware detection and recovery for Microsoft 365 subscribers who store and sync their files in the cloud. Dropbox, another widely used cloud storage service, offers a similar feature to customers on Business Plus, Advanced, or Enterprise plans, as well as for Standard or Business plans with the Security add-on. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other. This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: AI-generated Slopoly malware used in Interlock ransomware attack Google says hackers are abusing Gemini AI for all attacks stages Bubble AI app builder abused to steal Microsoft account credentials CISA: New Langflow flaw actively exploited to hijack AI workflows GitHub adds AI-powered bug detection to expand security coverage AI Artificial Intelligence Desktop Google Google Drive Ransomware Restoration Sergiu Gatlan Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips. Previous Article Next Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Popular Stories Cisco source code stolen in Trivy-linked dev environment breach Hackers compromise Axios npm package to drop cross-platform malware Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now Sponsor Posts 5 Things to Measure in an AI-Driven SOC (That Didn't Exist Before) New fraud playbooks are circulating on the dark web — are you keeping up? Attackers aren’t breaking in. They’re logging in. See how these intrusions unfold Is your program ready for agentic GRC? See what shift enterprise teams need to make. A unified control plane for all identities, human, non-human, and agentic. Upcoming Webinar Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Reporter Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT
← Back to stories