Google on Tuesday rolled out a new AI tool in Drive for desktop that it says will pause syncing to limit ransomware damage, but it won't stop attacks outright.
The model, which the Chocolate Factory boasts has been "trained on millions of real-world ransomware samples," looks for signs that may indicate ransomware - such as attempts to encrypt or corrupt large numbers of files - and then pauses syncing of affected files, helping prevent wider spread. Drive for desktop is Google's sync app for Windows and macOS that keeps local files in step with cloud storage.
This Drive for desktop tool then sends an email alert or a desktop notification to the Drive user, guiding them to restore their files via "just a few clicks," Googlers Luke Camery and Kristina Behr said in a Tuesday blog.
The recovery capability works across "traditional software" including Microsoft Windows and Office, the duo added. Plus, the model continuously analyzes file changes, and pulls in threat intelligence from VirusTotal, which, at least in theory, should help it detect even new and novel malware variants and attack behaviors.
The new capability is turned on by default, but administrators can disable detection and restoration for end users, if needed. Admins can also receive alerts in the Admin console for any detected ransomware activity.
It's available in open beta as of Tuesday, and Google says these ransomware detection, alerting, and file restoration capabilities are included in most Workspace commercial plans at no extra cost. Consumers also receive file restoration at no additional cost.
And while this represents an important extra layer of defense against ransomware - which, as Camery and Behr point out, "remains one of the most damaging cyber threats facing organizations today" - it is not a silver bullet, nor will it prevent ransomware attacks, which, on average, cost each victim in excess of $5 million.
"The focus is limiting the damage of ransomware attacks, stopping them from spreading across networks with this new layer of protection," Google Workspace security and privacy spokesperson Ross Richendrfer told The Register.
This layer is in addition to antivirus (AV) products, which should detect and then quarantine malicious code, thus stopping ransomware from getting through the door. But if AV was entirely successful, we wouldn't see any ransomware attacks. Instead, we have daily headlines and growing numbers of data-encrypting and extortion incidents.
Google Drive's new AI-powered detection "helps to stop ransomware from doing what it must to be most effective: corrupt important files and make them unusable," Camery and Behr wrote.
But it's not going to entirely stop the scourge. ®