Google Drive ransomware detection now on by default for paying users
Google Drive ransomware detection now enabled by default for paid workspace users.
Summary
Google announced general availability of its AI-powered ransomware detection feature for Google Drive, now enabled by default for all paying Workspace users. The feature pauses file syncing upon detecting ransomware, alerts users and admins, and enables quick restoration of affected files. The latest AI model detects 14x more infections compared to the beta version, providing more comprehensive protection across organizations.
Full text
Google Drive ransomware detection now on by default for paying users By Sergiu Gatlan April 1, 2026 02:35 AM 0 Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. Announced in September 2025, a beta version of this feature began rolling out to Google Workspace customers worldwide in early October. Google Drive will immediately pause file syncing when it detects a ransomware attack, notifying users and IT admins of the breach and drastically minimizing the impact of such incidents. While this will not prevent the files on the compromised computer from being encrypted, documents stored in Google Drive will be protected and can be quickly restored once the malware infection is resolved. After an attack is blocked, users are also provided with detailed instructions for restoring corrupted files using the Drive restoration tool to undo ransomware changes. "When ransomware detection is on, files are scanned for ransomware when they are synced from a desktop computer to Drive," Google explains. "If ransomware-encrypted files are found, desktop sync is paused. The affected user gets an email alert and is notified in Drive, and an alert is created in the Google Admin console." "Compared to when the feature was in beta, we are now able to detect even more types of ransomware encryption and are able to do it faster. Our latest AI model is detecting 14x more infections, leading to even more comprehensive protection," it added. Google says the feature is now on by default for all users in organizations with business, enterprise, education, and frontline licenses, while the file restoration feature is available to all Google Workspace customers, Workspace individual subscribers, and users with personal Google accounts. Although enabled by default for all users, admins can turn it off for their organizations in the Admin console under Apps > Google Workspace > Settings for Drive and Docs > Malware and Ransomware. While admins will have to install the latest version of Google Drive for desktop (v.114 or later) on all endpoints to enable detection alerts, file syncing will still be paused on older versions. Microsoft also provides OneDrive ransomware detection and recovery for Microsoft 365 subscribers who store and sync their files in the cloud. Dropbox, another widely used cloud storage service, offers a similar feature to customers on Business Plus, Advanced, or Enterprise plans, as well as for Standard or Business plans with the Security add-on. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: AI-generated Slopoly malware used in Interlock ransomware attackGoogle says hackers are abusing Gemini AI for all attacks stagesCISA: New Langflow flaw actively exploited to hijack AI workflowsGitHub adds AI-powered bug detection to expand security coverageBubble AI app builder abused to steal Microsoft account credentials