Similarly, ransomware that targets healthcare organizations directly jeopardizes patient safety by restricting access to electronic health records and diagnostic tools, resulting in delayed treatments, ambulance diversions, and a measurable, material risk of higher mortality rates. Ransomware has even forced hospitals to permanently close.
Ransomware is an organization-wide threat. The high costs of remediating ransomware are as concerning for boards of directors as they are for CISOs and the security teams who report to them. To help our Workspace customers defend against ransomware attacks, we’ve developed a proprietary AI model that looks for signals that a file has been maliciously modified by ransomware — and stops it before it can spread.
These new capabilities enable smart detection of file corruption that is characteristic of a ransomware attack. It automatically halts activity to prevent file corruption from reaching cloud-stored assets, and allow for simple recovery and restoration of affected files stored on Google Drive, regardless of file format.
AI-powered ransomware detection in Drive for desktop can help secure essential government, education, and business operations, and also upend the ransomware business model by disrupting attacks in progress and offering rapid file recovery. Importantly, these capabilities have been integrated into the user experience and designed intuitively so that non-technical users can take full advantage. We are rolling this out now at no extra cost for most Google Workspace commercial plans.
How it works
Trained on millions of ransomware samples, this new layer of defense can identify the core signature of a ransomware attack — an attempt to encrypt or corrupt files en masse — and rapidly stop file syncing to the cloud before the ransomware can spread and encrypt the data. It also allows users to easily restore files with a few clicks.
The AI uses a proprietary, deep learning model that continuously looks for signs of maliciously modified files. Its detection engine can identify ransomware by analyzing patterns of file changes as they sync from desktop to Google Drive. The detection uses intelligence from Google’s battle-tested, malware-detection ecosystem, including VirusTotal.
Built-in malware defenses, also available in Gmail and Google Chrome, can help prevent ransomware from spreading to other devices and taking over entire networks. We believe that these layers of defense can help organizations in industries such as healthcare, retail, education, manufacturing, and government from being disrupted by ransomware attacks.
Restoring corrupted files
A key capability of this defense empowers customers to restore their files, unlike traditional solutions that require complex re-imaging or costly third-party tools. The Google Drive interface allows users to restore multiple files to a previous, healthy state with just a few clicks.
This rapid recovery capability can help to minimize user interruption and data loss, even when using Microsoft Windows, Office, and other traditional software.
Additional ransomware defenses
As AI augments and even reinvents protection against ransomware in some very powerful ways, it’s clear that organizations should do more to adopt the secure by design mentality.
There’s no single tool that can defeat all ransomware attacks, so we recommend organizations emphasize a layered, defense in depth approach. Organizations should incorporate automation and awareness strategies such as strong password policies, mandatory multi-factor authentication, regular reviews of user access and cloud storage bucket security, leaked credential monitoring on the dark web, and account lockout mechanisms.
One way to get started is to identify user groups, including sales and marketing teams, that can transition to more ransomware-resilient endpoints. Moving to devices that run ChromeOS, iOS, and Android could meaningfully reduce security risks — for example, Chromebooks are inherently more resilient against ransomware and malware in general.
For legacy Windows applications that can’t run on the web, we recommend Cameyo as a solution that allows users to continue using Windows apps in a more secure environment, such as ChromeOS.
To learn more about how we’re using AI to stop ransomware with Google Drive, read our recent Workspace blog.
