Google Drive ransomware detection now on by default for paying users

Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users.

Announced in September 2025, a beta version of this feature began rolling out to Google Workspace customers worldwide in early October.

Google Drive will immediately pause file syncing when it detects a ransomware attack, notifying users and IT admins of the breach and drastically minimizing the impact of such incidents.

While this will not prevent the files on the compromised computer from being encrypted, documents stored in Google Drive will be protected and can be quickly restored once the malware infection is resolved.

After an attack is blocked, users are also provided with detailed instructions for restoring corrupted files using the Drive restoration tool to undo ransomware changes.

“When ransomware detection is on, files are scanned for ransomware when they are synced from a desktop computer to Drive,” Google explains. “If ransomware-encrypted files are found, desktop sync is paused. The affected user gets an email alert and is notified in Drive, and an alert is created in the Google Admin console.”

“Compared to when the feature was in beta, we are now able to detect even more types of ransomware encryption and are able to do it faster. Our latest AI model is detecting 14x more infections, leading to even more comprehensive protection,” it added.

Google says the feature is now on by default for all users in organizations with business, enterprise, education, and frontline licenses, while the file restoration feature is available to all Google Workspace customers, Workspace individual subscribers, and users with personal Google accounts.

Although enabled by default for all users, admins can turn it off for their organizations in the Admin console under Apps > Google Workspace > Settings for Drive and Docs > Malware and Ransomware.

While admins will have to install the latest version of Google Drive for desktop (v.114 or later) on all endpoints to enable detection alerts, file syncing will still be paused on older versions.

Microsoft also provides OneDrive ransomware detection and recovery for Microsoft 365 subscribers who store and sync their files in the cloud.

Dropbox, another widely used cloud storage service, offers a similar feature to customers on Business Plus, Advanced, or Enterprise plans, as well as to those on Standard or Business plans with the Security add-on.
