Google's Latest AI Ransomware Defense Only Goes So Far (www.wired.com)

Google announced a new ransomware defense for Drive for desktop that uses an AI model trained on millions of real victim files encrypted by various ransomware strains to detect suspicious file-encryption behavior in real time and immediately halt cloud syncing. Designed as an additional line of defense alongside Google’s existing malware checks in Drive, Chrome and Gmail, the feature targets the window where ransomware would propagate to cloud backups: it flags rapid, symptomatic changes to files, stops sync to minimize spread, and enables enterprise Google Workspace customers to restore corrupted or encrypted files quickly. For the AI/ML community the rollout is notable because it operationalizes a large, real-world training set and low-latency behavioral detection to mitigate damage rather than rely solely on signature-based AV. But its limits are important: it only protects files that are being synced via Drive for desktop (Windows/Mac) and won’t catch ransomware that exfiltrates data or attacks files stored elsewhere. Similar protections exist from OneDrive and Dropbox, so this is an evolutionary improvement in detection and response—useful and pragmatic, but not a panacea for the evolving ransomware threat.