Google Drive's AI-Powered Ransomware Detection Now Generally Available
**Google** has announced the general availability of its AI-powered ransomware detection feature for **Google Drive**, enabled by default for paying users. This feature, initially launched in beta in September 2025, aims to minimize the impact of ransomware attacks by immediately pausing file syncing upon detection.

**Google Drive** now includes an AI-driven ransomware detection feature that is generally available and enabled by default for all paying users. This enhancement was initially announced in September 2025 and rolled out as a beta to **Google Workspace** customers in early October.
### Immediate Response to Ransomware Attacks
When **Google Drive** detects a ransomware attack, it immediately pauses file syncing and notifies both users and IT administrators, significantly reducing the potential damage. The feature won't prevent encryption on the compromised machine, but it ensures that documents stored in **Google Drive** remain protected and recoverable.
### File Restoration
Following the detection and blocking of an attack, users receive detailed instructions on how to restore corrupted files using the **Drive** restoration tool. This tool allows users to undo the changes made by the ransomware.

"When ransomware detection is on, files are scanned for ransomware when they are synced from a desktop computer to **Drive**," **Google** explains. "If ransomware-encrypted files are found, desktop sync is paused. The affected user gets an email alert and is notified in **Drive**, and an alert is created in the **Google Admin console**."

According to **Google**, the feature's detection capabilities have significantly improved since the beta phase. "Compared to when the feature was in beta, we are now able to detect even more types of ransomware encryption and are able to do it faster. Our latest AI model is detecting 14x more infections, leading to even more comprehensive protection," the company stated.
### Availability and Configuration
The ransomware detection feature is enabled by default for all users in organizations with business, enterprise, education, and frontline licenses. The file restoration feature is available to all **Google Workspace** customers, **Workspace** individual subscribers, and users with personal **Google** accounts.

Although enabled by default, administrators can disable the feature for their organizations through the **Admin console** under Apps > **Google Workspace** > Settings for **Drive** and Docs > Malware and Ransomware.

To enable detection alerts, admins must install the latest version of **Google Drive** for desktop (v.114 or later) on all endpoints. However, file syncing will still be paused on older versions, ensuring a base level of protection.
### Competing Solutions
**Microsoft** also offers **OneDrive** ransomware detection and recovery for **Microsoft 365** subscribers who use the cloud to store and sync their files. **Dropbox**, another popular cloud storage service, provides similar features to customers on Business Plus, Advanced, or Enterprise plans, as well as for Standard or Business plans with the Security add-on.