The latest Google Drive update uses AI to block ransomware from corrupting cloud data

Google has launched a new AI-powered security feature in Drive for Desktop that detects ransomware attacks and automatically halts file syncing, giving users a chance to recover data before it is permanently locked or corrupted.

AI Detection Built Into Google Drive

The update, rolled out globally on September 30, 2024, integrates a custom-built AI ransomware detection system into Google Drive for Desktop on both Windows and macOS. The technology has been trained on millions of real ransomware samples from sources such as Mandiant and VirusTotal, enabling it to identify unusual file modifications that suggest an ongoing attack.

When ransomware is detected, the system automatically pauses file syncing to the cloud, preventing further corruption. Users are immediately notified through desktop pop-ups and email alerts, with guided steps to restore clean file versions directly via Google Drive’s interface.

Why Antivirus Alone Is Not Enough

According to Luke Camery, Lead Group Product Manager for Google Workspace, relying on traditional antivirus software is no longer sufficient. “Antivirus tools will continue to focus on keeping the ransomware out. Our new defences keep ransomware from doing damage if it gets in,” he said.

The AI-driven tool is designed to stop ransomware’s most harmful action — making important files inaccessible. Unlike third-party recovery software, Drive’s native restoration process allows multiple files to be rolled back quickly, without complex re-imaging steps.

Rising Global Cybersecurity Threats

The launch comes amid a surge in ransomware cases worldwide. A Cyberint report recorded 5,414 attacks on organisations in 2024, an 11% increase from 2023, affecting industries from healthcare and finance to manufacturing and government agencies.

In Singapore, the Cyber Security Agency (CSA) reported in September that ransomware incidents rose over 20% to 159 cases in 2024, while overall malware infections spiked 67% year-on-year to 117,300. Most breaches occurred because users failed to update vulnerable software.

Enterprise-Grade Protection for All Users

The new ransomware shield is active by default for Google Workspace subscribers, which include more than 11 million paying organisations worldwide. IT administrators can manage detection and recovery settings via the Admin Console and Security Center, with access to detailed incident logs.

Kristina Behr, VP of Product Management at Google Workspace, said the AI model continues to learn from new threats in real time. “When Drive detects suspicious activity, the system halts syncing, prevents wider damage, and enables simple recovery without costly third-party tools,” she explained.

Google’s new ransomware defence marks a shift in cloud security, prioritising proactive intervention over reactive clean-up. For businesses in Southeast Asia and beyond, the update not only reduces downtime and data loss but also strengthens resilience against one of today’s most costly and disruptive cyber threats.

Sources: Katadata.co.id (2025) , Straits Times (2025)

Keywords: Google Drive, Ransomware Protection, AI Security, Cybersecurity, Cloud Storage, Data Recovery