Google Drive for desktop is adding ransomware detection using an AI model trained on “millions of real-world ransomware samples” that will “look for signals that a file has been maliciously modified.” When Google’s AI believes it has detected ransomware activity on a Windows or macOS system, like trying to encrypt or corrupt files en masse, it will automatically stop syncing Drive files, alert users on their desktop and over email, and allow users to restore their files to an older version. 

The feature is rolling out in open beta starting today, and in a briefing with reporters, Google’s Luke Camery said the company aims to make it generally available by the end of the year.

“We’ve built a specialized AI model, trained on millions of real-world ransomware samples, to look for signals that a file has been maliciously modified,” Google says in a blog post. “The detection engine adapts to novel ransomware by continuously analyzing file changes and incorporating new threat intelligence from VirusTotal. When Drive detects unusual activity that suggests a ransomware attack, it automatically pauses syncing of affected files, helping to prevent widespread data corruption across an organization’s Drive and the disruption of work.”

Ransomware attacks are still on the rise, with the Office of the Director of National Intelligence reporting that there were 5,289 ransomware attacks worldwide in 2024, a 15 percent increase from 2023.