Google has expanded its AI-powered ransomware detection feature in Drive, making it available to all Workspace users after a limited trial. The move comes amid growing concerns over cyberattacks targeting businesses and organisations worldwide, including in Australia, where ransomware incidents have increasingly affected both public and private sectors.
AI Security Upgrade Now Standard Across Workspace
The feature, now enabled by default, is designed to detect suspicious file activity associated with ransomware attacks. When a potential threat is identified, Google Drive automatically pauses file syncing on desktop devices to prevent the spread of malicious changes across systems.
Users are then prompted with recovery options, allowing them to restore earlier, unaffected versions of their files. Notifications are issued both to users and administrators, helping organisations respond quickly to potential breaches.
This rollout follows a testing phase conducted last year with a smaller group of users. According to Google, improvements made since then mean the system can now detect up to 14 times more ransomware-related activity.
How the Detection System Works
Google says the tool has been trained on millions of real-world ransomware samples. It uses this data to identify unusual file modifications that may indicate an attack.
Once triggered, the system halts synchronisation of affected files, reducing the risk of widespread data corruption across an organisation’s Drive environment. Users are then guided through recovery steps via app notifications and email alerts.
The detection engine also continuously evolves. By analysing file changes and incorporating threat intelligence from sources such as VirusTotal, it adapts to new and emerging ransomware variants.
Limitations and Admin Controls
Despite its benefits, the feature does come with some limitations. It currently only works with the Google Drive desktop application on Windows and macOS, meaning users relying solely on browser-based access or mobile devices may not receive the same level of protection.
Another key restriction is that administrative control sits exclusively with Workspace admins. While the feature is switched on by default, only administrators can disable it or manage restoration settings. These controls are located within the Admin console under Drive and Docs security settings.
Admins also receive alerts through the security centre and can review detailed audit logs to monitor incidents and responses.
No Additional Cost for Most Plans
Google has confirmed that the ransomware detection feature is being rolled out in open beta across most commercial Workspace plans at no extra cost. This positions it as an accessible security enhancement for businesses of all sizes, from small enterprises to large organisations.
Rising Importance of Cloud Security
As more organisations shift to cloud-based workflows—particularly in regions like Australia where hybrid work is now common—protecting shared data environments has become critical. Ransomware attacks can lead to operational disruption, financial loss, and reputational damage.
By embedding AI-driven detection directly into Drive, Google aims to provide a proactive layer of defence without requiring additional software or complex setup.
Conclusion
Google’s full rollout of AI-powered ransomware detection marks a significant step in strengthening cloud security for Workspace users. While the feature has some limitations, particularly around platform support and admin-only controls, it offers a practical and automated way to reduce the impact of cyberattacks. As ransomware threats continue to evolve, tools like this are likely to become a standard part of business IT environments.
“Student. Subtly charming organizer. Certified music advocate. Writer. Lifelong troublemaker. Twitter lover.”
