Google Unveils Ransomware Detection and File Recovery for Google Drive

Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations and individual users worldwide.

Originally launched for beta testing in September 2025, these security enhancements are designed to minimize the destructive impact of ransomware and malware attacks on both personal and corporate endpoints.

AI-Powered Threat Detection

The general availability release brings a major upgrade to Google’s threat detection engine. Powered by an updated AI model, the system now identifies 14 times more infections than the previous beta version, recognizes a much wider variety of modern ransomware encryption methods, and detects malicious behavior significantly faster.

Throughout the testing phase, thousands of users successfully verified the file restoration process, proving the architecture is highly scalable and reliable during critical incident response scenarios.

Google’s updated security suite introduces three primary mechanisms to halt active attacks and recover compromised data:

• Automated Ransomware Detection: When malicious encryption behavior is identified on a machine running Google Drive for desktop, the application immediately pauses file syncing to prevent corrupted files from overwriting clean cloud backups.
• Dual Notification System: The system triggers an immediate local desktop warning for the end user while simultaneously sending email notifications and logging a detailed alert in the Admin console security center.
• Bulk File Restoration: Victims can roll back their impacted Google Drive to a previous, unencrypted state. Users can select multiple affected files and restore them to the exact versions that existed right before the malware infection occurred, eliminating the need to pay ransom demands.

For IT and security teams, deploying these defenses requires minimal overhead. Both ransomware detection and file restoration are enabled by default across the organization.

Administrators maintain granular control and can toggle these protections on or off at the Organizational Unit (OU) level through the Google Workspace Admin console.

To ensure complete functionality, organizations must deploy Google Drive for desktop version 114 or later; older client versions will still pause file syncing during an attack, but will not display endpoint warning notifications to end users.

Access to these security tools depends on the subscription tier. The bulk file restoration capability is universally available to all Google Workspace customers, Workspace Individual subscribers, and standard personal Google account users.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Google Unveils Ransomware Detection and File Recovery for Google Drive appeared first on Cyber Security News.