Google Drive for Desktop gets AI-powered ransomware protection

Google just added AI-powered ransomware detection to its Google Drive for Desktop app. Here's how it works, and how ransomware is evolving.

Google Drive for Desktop

Google Drive for Desktop is an app for Windows and macOS that lets users sync their files between Google Drive and their computers without a web browser. As of this Tuesday, the app now uses a Google-trained AI model to detect unusual activities that suggest a ransomware attack.

Once detected, the app pauses syncing of affected files, alerts users via desktop and email, and offers an intuitive interface to restore files. The key is catching the attack before it propagates through the cloud and impacts all your files.

Ransomware works by encrypting user documents and files in the background. Once done, a payment is demanded to recover the files. The encryption happens silently, often over hours or days, so you don't notice until it's too late. By that point, all local files are encrypted, and for users syncing to the cloud, their backups, too.

Recent ransomware attacks

Indonesia's Temporary National Data Centre was compromised by a ransomware attack last year, impacting at least 230 agencies. Incredibly, the hackers gave the data back despite no ransom being paid. Nobody knows why. Perhaps the attackers got nervous about the scale of what they'd done, or perhaps it was a proof of concept that went too far.

Last week, I wrote about how Jaguar Land Rover went from making 1,000 vehicles a day to zero for multiple weeks due to a cyber breach and ransomware attack. The losses are staggering. This wasn't just IT systems going down, this was an entire manufacturing operation stopped cold because digital systems control everything in modern factories.

Changing face of ransomware

Ransomware has evolved significantly over the years. Today, the cybercrime has grown into a highly lucrative and sophisticated business with professional operations, customer service departments, and franchise models.

Crucially, extortion efforts have changed. Today, it's possible to extort payment more than once. Beyond extorting for recovery of the data, cybercriminals increasing demand for more payment not to publish stolen data online. Then there's "Ransomware 3.0" which sees them go after individuals in the case of organisational data leaks.

That last one is particularly nasty. Imagine your company gets breached and customer data stolen. You refuse to pay. The attackers then contact individual customers and threaten to release their personal information unless they pay.

It's the disruption

It's worth noting that ransomware protection is being built into a growing number of products. It's becoming less about data being frozen and more about the disruption.

That's why Google Drive for Desktop's ability to quickly recover large numbers of files is useful. The faster you can restore operations, the less leverage attackers have. They're counting on the panic and chaos to pressure you into paying.

Some data, like healthcare records, never loses relevance. Unlike credit card numbers which can be cancelled and reissued, medical histories and personal health information remain valuable indefinitely. This makes healthcare organisations particularly attractive targets because they have compelling reasons to pay rather than risk patient data being leaked.

How do you protect yourself from ransomware or malware in general?