Ransomware and phishing: Google Drive will now warn you about suspicious files


Users of the Google Drive file and syncing app will now start to see warning banners if they open a potentially dodgy file. 

The new alerts are rolling out to Workspace Google Drive users globally today and aim to help protect users and their organizations from malware, phishing and ransomware. 

ZDNet Recommends


The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.

Read More

The alerts are displayed in a yellow banner at the top of the page after a user has clicked on a link, but before the file is downloaded. The warning states that the file looks suspicious and “might be used to steal your personal information”. 

SEE: Cloud computing: Spreading the risk with the multicloud approach

Google notes: “If a user opens a potentially suspicious or dangerous file in Google Drive, we will display a warning banner to help protect them and their organization from malware, phishing and ransomware.”

Google Workspace users should be familiar with the banner security alerts, which arrived in Docs, Sheets, Slides, and Drawings earlier this year as a protection against abusive content and behavior.  

The additional user-facing alert should help protect Google Workspace users from cyber criminals who use Google Drive to spread malicious files. 

Google last year shut down an expansive Russian hacking network that hijacked YouTube accounts using malicious PDF files shared with targets in email and Google Drive.  

The new banner alerts are separate to the alerts Google issues to users targeted by suspected state-sponsored hackers. In 2021, Google-issued state-sponsored alerts to Workspace users rose by 33% year on year to over 50,000. The increase was mainly due to campaigns run by Russian actor APT28 or Fancy Bear. State-sponsored attack groups like Iran’s APT35 also employ Google Drive among other tools to spread malicious PDFs. 

The new suspicious file alerts are on by default, meaning neither admins nor users need to enable this feature. It cannot be disabled. It is available for all Google Workspace customers, as well as G Suite Basic and Business customers. 

Separately, Google recently started pushing G Suite legacy free users to upgrade to a paid Workspace subscription. It’s also encouraging its $6 a user per month G Suite Basic edition and Business edition users switch to a Workspace subscription. These customers can expect to be contacted by Google in the “coming months” to start the transition.   



Source link