Google Workspace adds AI ransomware detection and sync pausing for Drive

By
Follow google news

Will not stop and remove ransomware locally, however.

Google is strengthening its ransomware defences with artificial intelligence-powered malware detection in the Drive cloud storage for customers on Workspace productivity plans, in an effort to limit the damage from the ongoing threat.

Google Workspace adds AI ransomware detection and sync pausing for Drive

Unlike similar, competing solutions from Microsoft, Box and Dropbox, Google's anti-ransomware capability stops file synchronisation to cloud storage automatically when attacks are detected.

Google said that stopping synchronisation to the cloud of local files during ransomware attacks adds a new layer of defence that was missing before.

"While AV [antivirus] solutions continue their work to stop ransomware from getting in, we’ve built the protections to stop it from being effective once it is, inevitably, through the door," Google said.

The new feature is rolled out in an open beta to Workspace customers currently, with the Drive desktop app for Linux, Windows and macOS operating systems required.

Although Google's ransomware protection uses artificial intelligence to monitor file changes for suspicious modifications, it doesn't use the Gemini large language model (LLM) which the company utilises for security purposes such as code vulnerability detection.

Instead, a virus detection engine from Google powers the new anti-ransomware solution.

The Drive client also has built-in virus detection, which Google said helps to prevent ransomware spreading to other devices, across networks.

Google said it has trained the solution on millions of real world ransomware samples and threat intelligence from its VirusTotal scanning site, to ensure comprehensive detection abilities even of new malware variants.

Google Workspace security and compliance product manager Luke Camery said the new features aren't meant to compete with existing antivirus and endpoint detection and response (EDR) systems.

As such, the solution will not stop ransomware running on users' machines, or remove it; nor will it prevent local files from being encrypted.

As the system needs to detect ransomware activity such as mass encryption or corruption of files, at least one file risks being damaged before Drive syncing to the cloud stops.

Files stored in Google Drive are scanned for malware, Camery said, and will always be clean.

Once users have removed the ransomware on their computers, they can then elect to commence a restoration workflow to replace encrypted and damaged local files with clean ones that are backed up to their Google Drives.

Only commercial subscribers of Google's Workspace productivity tools get the full ransomware detection, automatic sync pausing, and guided recovery workflows.

Google Workspace customers with the following plans will get the new capability:

  • Business Standard and Plus
  • Enterprise Starter, Standard and Plus
  • Education Standard and Plus
  • Frontline Standard and Plus

Enterprise administrators receive alerts in the Workspace Admin console when ransomware activity is detected, and can use the security centre to review audit logs with detailed information.

Administrators also have the controls to disable detection and restoration capabilities for end users if needed, Google said.

Google's free users meanwhile will get the file restoration capability for their Drives.

Microsoft has a similar system for its OneDrive storage, and provides a detection and recovery workflow for MS 365 customers.

Document storage vendor Box has the AI powered Shield protective system which includes machine learning based malware detection, along with competitor Dropbox.

While these offer detection and recovery, Google's solution differs in that it intervenes automatically when ransomware is active, and halts file synchronisation.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
aigoogle drivemicrosoft onedriveransomwaresecurity

Sponsored Whitepapers

Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21
Cut Cloud Costs Without Compromise: Discover mCloud by Micron21
Cut Cloud Costs Without Compromise: Discover mCloud by Micron21
What 4 wholesale distribution challenges aren’t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape

Events

Most Read Articles

US Secret Service seizes New York City SIM farm near UN

US Secret Service seizes New York City SIM farm near UN
Jaguar Land Rover cyberattack shutdown to hit four weeks

Jaguar Land Rover cyberattack shutdown to hit four weeks
ACMA proposes digital ID for prepaid mobile SIM verification

ACMA proposes digital ID for prepaid mobile SIM verification
Stealthy, persistent "BRICKSTORM" spying backdoor found in network infrastructure

Stealthy, persistent "BRICKSTORM" spying backdoor found in network infrastructure
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?