Windows protection from unwanted Ransomware

Protecting Windows computer from Ransomware

Table of Contents

The ransomware attack on Knights of Old, a 158-year-old UK logistics firm (later known as KNP Logistics), was a textbook case of how one weak password can unravel an entire legacy. In 2023, the ransomware gang Akira infiltrated KNP’s systems by guessing an employee’s password. Once inside, they encrypted all company data, locked staff out of critical systems, and left a chilling ransom note:

“If you’re reading this it means the internal infrastructure of your company is fully or partially dead…”

Ransomware is a type of malware that encrypts or blocks access to your files or systems. The attacker then demands a ransom payment to restore access. If unpaid, the data may be leaked, sold, or permanently destroyed.

Common Delivery Methods for Ransomware

Phishing Emails: Fake messages trick users into clicking infected attachments or links.
Drive-by Downloads: Malware installs when visiting compromised websites.
Remote Desktop Protocol (RDP): Attackers brute-force login credentials to gain access.
Malvertising: Legit-looking ads hide malicious code.
Software Vulnerabilities: Unpatched systems are easy targets.

Though that was an attack on Windows machine, Ransomware is known to have attacked Linux virtual machines as well. But so far has no penetrated Linux OS stand alone computers. Therefore it is better to protect the Windows by preventing any downloaded file from executing itself or by accident. This will help to do that. This will enable the same protection in Windows which is there in Linux by default.

How to Sandbox Your Downloads Folder (No Execution Allowed)

Think of your Downloads folder as quarantine—not a launchpad. Follow these steps to make sure anything dropped here stays inert until granted explicit parole.

GUI Method

Navigate to C:\Users\<YourUsername>\Downloads
Right-click → Properties → Security tab
Click Advanced → Disable Inheritance → Convert permissions
Remove Read & Execute for Users, preserve Read and Write
Apply changes and exit

PowerShell Equivalent (command line method)

(Change USERPROFILE) with your user name)


$downloads = "$env:USERPROFILE\Downloads"
$acl = Get-Acl $downloads
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Users","Read,Write","ContainerInherit,ObjectInherit","None","Allow")
$acl.SetAccessRuleProtection($True, $False)  # Disable inheritance
$acl.ResetAccessRule($rule)
Set-Acl -Path $downloads -AclObject $acl

Optional: AppLocker Rule (for Pro/Enterprise Edition of Windows)

Use Local Security Policy → AppLocker → Create path rules to block %USERPROFILE%\Downloads. Apply via GPO if needed.

SmartScreen + MOTW

Enable SmartScreen: Settings → Privacy → Check apps and files
Downloaded files are tagged with MOTW (Mark of the Web)—layered defense!

🧪 If That Option Still Doesn’t Appear…Let’s verify SmartScreen status via PowerShell:Get-MpPreference | Select-Object SmartScreenForExplorerIf it returns Disabled, you can enable it with:Set-MpPreference -SmartScreenForExplorer EnabledIt requires admin rights and Windows Defender to be active.

SmartScreen Settings

Go to Privacy & security in Settings.
Scroll down and click Windows Security.
Then click Open Windows Security.
In the Windows Security window, choose App & browser control.
Under Reputation-based protection, click Reputation-based protection settings.
Look for Check apps and files and toggle it On.

Want me to build a script that checks all SmartScreen toggles and logs their status? Or troubleshoot if a Group Policy or registry setting is suppressing the UI? I can modularize it for reuse.

📊 Result

File Type	Behavior in Downloads
.exe	Blocked
.ps1, .bat	Blocked
Moved manually to trusted folder	Execution possible (if permissions restored)

Pro tip: This setup mimics chmod -x behavior from Linux—execution must be earned, not assumed.Now no win.exe or other ransomeware file can be accidentally run to install ransomware on your compute. Be safe and be happy.