Google has released two new security features for Google Drive: detection ransomware and bulk file restore. After a beta phase that began in September 2025, both features are now available.
Ransomware detection works in the Drive desktop client. If the client detects suspicious activity, it automatically stops syncing. According to Google, the revised AI model recognizes 14 times more types of infections than in the beta phase. The user will see a warning on their computer and will also receive an email. The responsible administrator will also receive an email and a notification in the Security Center of the Admin console.
Additionally, users will now be able to restore multiple files to a previous state at once – for example, to the point before a ransomware attack. This will save the tedious process of restoring individual files and, according to Google’s announcement, will ensure that those affected don’t have to pay a ransom.
Both features are enabled by default. Administrators can enable or disable them from the Admin Console in Drive and Docs settings. For full detection notification functionality, Google requires at least version 114 of Drive for DesktopIn older versions, sync will also stop if there is a problem, but the notification will not appear.
File recovery is available to all Google Workspace customers, Workspace Individual subscribers, and users with a personal Google account. Ransomware detection, on the other hand, is limited by Google to select plans: Business Standard and Plus, Enterprise Starter, Standard, and Plus editions, as well as Education Standard and Plus, and Frontline Standard and Plus.
Although the press releases will range from very select to rare, I said I'd pass...because sometimes the editors hide.
