August 13, 2019 | Reading time 12 minutes

How Can Ransomware Infect Google Drive And How to Prevent It

Can ransomware infect Google Drive? Many people would say no, as Google Workspace is believed to be safe. However, they aren’t right. Ransomware impacts cloud-based companies as much as on-premise ones. As Sophos claims, more than 75% of companies infected with ransomware were running up-to-date endpoint protection. This means, that even if you are protected, you are still not entirely safe.

So if you don’t think your cloud storages are safe, you are wrong. Even if ransomware hits files on your local computer, it still can easily infect your files in the cloud. But don’t panic. Keep on reading, and we will tell you about the ways ransomware can infect your Google Drive and how you can secure your data in every possible scenario.

What is a Ransomware Attack?

Ransomware is the combination of the words “malware” and “ransom”. Ransomware virus infects your files with malware that encrypts them, so you can’t access your data. To be able to access them, you need a digital key, which you will get after you pay a ransom, usually in cryptocurrency.

How Can Ransomware Infect Google Drive

The main ransomware distinction from other types of malware and viruses is that it manifests itself openly. The primary goal of ransomware is to instill fear for your data. You see a blocked screen, panic, and pay the ransom. In most cases, this is the only thing you can do – hackers are hard to trace, so it can take months for cyber police to return your data.

The sequence of events:

  1. You perform “the wrong action”: click on the link, open a file, download a program, put a tick, and so on.
  2. The malware infects your data and encrypts targeted files.
  3. The malware makes itself noticeable by putting signs on your screen, asking you to pay money in exchange for getting access to your data.

In some rare cases though, if you are lucky enough to catch the “right type of malware”, you can restore previous “healthy” versions of the files on your Google Drive. But most of the recent releases of ransomware don’t let you do that, so we wouldn’t be too hopeful. 

To protect Google Drive from ransomware, you need to know how it can reach it. Let’s find out.

Two Ways Ransomware Can Infect Your Google Drive

Like any other cloud service, Google Drive is prone to ransomware attacks. Google Drive can suffer in two ways: as a targeted victim of specially designed traps, or as a “ricocheted victim.” 

1. Google Drive Can Become  a “Ricocheted Victim” of Ransomware Through the Backup & Sync Tool

Backup & Sync is a free synchronization tool from Google. It syncs local machines with Google Drive and creates a copy of the files from your Google Drive to your computer. Any change on Google Drive reflects on your local computer and vice versa.

This instant synchronization is wonderful, but it also brings risks to the table. Imagine, you downloaded a malicious file that encrypted files on your computer, including synchronized docs in the Google Drive folder. Backup & Sync will interpret encryption as regular file editing and get them automatically synced with Google Drive. Boom! Your data on Google Drive is infected with ransomware. The encryption happens in seconds, and you can’t react and turn the synchronization off.

The aftermath is even more terrifying if you shared links to infected documents with other co-workers. If they downloaded the infected file on their computer, their files are also doomed.

How to protect Google Drive from Ransomware

  1. Always have a decent backup.

When using Backup & Sync, remember: it is a synchronization tool, NOT a backup solution. This tool doesn’t save your files – it just synchronizes them with all your devices and reflects the changes instantly, which helps you use the latest version of your documents anytime everywhere. 

The only way to avoid data loss is to always have a real backup. It’s up to you whether to selectively back up your Google Drive only or create a backup for all your Google Apps.

  1. Educate yourself and your employees. Invest some time in reading about the most widespread ransomware and phishing methods and red flags. Undertake security training. It raises your chances to not fall for the bait of hackers and be ready for possible threats.
  1. Be cautious. Don’t rush to click and open attachments; take your time to examine the content. Carelessness and hurry will cost you so much more, in case you haven’t saved your data beforehand.

Learn how to recover deleted Google Docs

2. Google Drive Can Get Infected Through the Third-party Apps and Extensions

Along with G Suite, you have hundreds and thousands of third-party extensions and apps that boost the usability of Google Disk. But along with better workflow and streamlined functionality, those can bring a cyber threat on board as well.

From time to time, we all download extra apps. They help us edit and sign our PDF docs; create, track, and share schedules with the team and stakeholders online, convert some file formats, edit photos in the cloud, and so forth. Where do you look for programs to give you all those features? In the G Suite Marketplace, of course.

And this is where all the dangers lie waiting. Not all third-party apps and extensions are trustworthy. In 2018, Kaspersky Lab detected about 60,176 new mobile ransomware Trojans.

How can malicious services infect your cloud storage? Mostly through the permissions which you or your employees grant them. The higher the permission level is given to the application, the higher the risks. When you install the app, there is always a pop-up asking you to access and manage your data in a particular folder. If you allow the app to manage data on your Google Drive/Google Team Drives, you “untie its hands.” From this moment, a malicious application can encrypt files, steal your sensitive information, read your company information, copy it, send messages on your behalf, and so on.

How to protect Google Drive from risky Apps and Extensions

The only way is to conduct an audit of third-party apps. You must always examine the trustworthiness of the application or extension before installing it and providing it access to your data. 

But it can be quite a challenge to investigate all apps in a company with lots of employees. You can’t rely on your co-workers and need to spend time scrutinizing every app manually. Don’t worry, though; there is a much easier method.

A reliable cybersecurity provider like SpinOne can scan the security level of the risky third-party apps connected to your G Suite domain automatically. The service identifies dangerous business apps and blocks them. This way, you get Google Drive ransomware protection, save time and money, and get a piece of mind.

So remember: no matter how cautious you or your employees are, you can’t be 100% safe. Companies get hit by ransomware every 14 seconds, so don’t rely blindly on luck.

Use specialized anti-ransomware tools to ensure that attacks are detected and stopped ASAP.

Read next: Why choose SpinOne to protect your Google Drive from ransomware.

Frequently Asked Questions

Can malware be shared through Google Drive?

Yes, malware can potentially be shared through Google Drive, just as it can be shared through any file-sharing service. While Google Drive has various security measures in place to detect and block malware, these measures are not a silver bullet. For instance, Google Drive can be infected with malware if someone shares a file that contains malware or sends an email with a link to a malicious file on Google Drive.

Can Google Drive get infected with a virus?

Google Drive itself doesn’t get “infected” with viruses in the classical sense because it’s a cloud-based storage service that doesn’t execute files. However, it can store files that may contain viruses or malware. The risk comes when you share an infected file or attachments with others. If you share a file containing malware with someone, and they download and open it, their local device can be infected.

How do I recover Google Drive from ransomware?

Google recommends to recover the ransomware-infected files from the previous versions. Google Drive keeps versions of files, so you can revert to a previous version. For this, right-click on a file, select Manage versions, and you can see and restore previous versions of the file. Unfortunately, this method has a number of drawbacks as modern ransomware encrypts older versions of your files too. So, chances are you will see the same corrupted data once you open your version history. Furthermore, versioning is a feature available only for a limited number of file types. These are files edited in Docs, Sheets, and Slides.

To raise your chances for successful ransomware recovery, use third-party backups like Spinbackup.

How does Google protect against ransomware?

Google products like Google Workspace include security controls that can help protect your organization against ransomware attacks. For example, Google products encompass security controls that enable remote employees to access resources contingent on their identity and contextual factors.

Given that emails are primary ransomware delivery vectors, Google’s advanced phishing and malware protection within Gmail offers mechanisms to isolate suspicious emails, shields against hazardous attachment types, and bolsters defenses against inbound spoofed emails.

An additional security measure, the Security Sandbox, is specifically developed to identify the existence of previously unidentified malware within attachments.

The Chrome browser incorporates Google Safe Browsing, which serves the purpose of issuing alerts to users when they attempt to visit a website that is infected or malicious in nature.

Furthermore, there is a password protection feature that functions by delivering notifications when a company-related password is employed on a personal account. It also verifies whether any of the user’s stored passwords have been exposed in an online security breach.

Was this helpful?

Thanks for your feedback!
Avatar photo

Vice President of Product

About Author

Davit Asatryan is the Vice President of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.


Featured Work: Webinar:

How Can You Maximize SaaS Security Benefits?

Let's get started with a live demo

Latest blog posts

Importance of Backing Up Google Workspace Data Daily

Importance of Backing Up Google Workspace Data Daily

Many organizations today are heavily relying on cloud Software-as-a-Service offerings for business productivity, communication, and collaboration. One of the leading […]

Google Workspace Backup and Security Guide 2024

This Google Workspace Backup and Security Guide covers 9 burning-hot cloud security topics. These articles will give you helpful information […]

g suite backup tools

How to Backup Google Workspace Data

Having a secure backup is a great way to ensure the protection of your corporate data from loss, overwriting, hacking, […]