Protecting Windows computer from Ransomware
The ransomware attack on Knights of Old, a 158-year-old UK logistics firm (later known as KNP Logistics), was a textbook case of how one weak password can unravel an entire legacy. In 2023, the ransomware gang Akira infiltrated KNP’s systems by guessing an employee’s password. Once inside, they encrypted all company data, locked staff out of critical systems, and left a chilling ransom note:
“If you’re reading this it means the internal infrastructure of your company is fully or partially dead…”
Ransomware is a type of malware that encrypts or blocks access to your files or systems. The attacker then demands a ransom payment to restore access. If unpaid, the data may be leaked, sold, or permanently destroyed.
Common Delivery Methods for Ransomware
- Phishing Emails: Fake messages trick users into clicking infected attachments or links.
- Drive-by Downloads: Malware installs when visiting compromised websites.
- Remote Desktop Protocol (RDP): Attackers brute-force login credentials to gain access.
- Malvertising: Legit-looking ads hide malicious code.
- Software Vulnerabilities: Unpatched systems are easy targets.
Although that was an attack on a Windows machine, ransomware is known to have hit Linux virtual machines as well, but so far it has not penetrated stand-alone Linux desktop computers. It is therefore worth giving Windows the same protection Linux has by default: preventing any downloaded file from executing, whether on its own or by accident. The steps below do exactly that.
How to Sandbox Your Downloads Folder (No Execution Allowed)
Think of your Downloads folder as quarantine—not a launchpad. Follow these steps to make sure anything dropped here stays inert until granted explicit parole.
GUI Method
- Navigate to C:\Users\<YourUsername>\Downloads
- Right-click → Properties → Security tab
- Click Advanced → Disable Inheritance → Convert permissions
- Remove Read & Execute for Users, preserving Read and Write
- Apply changes and exit
PowerShell Equivalent (command line method)
(Replace USERPROFILE with your user name if needed.)
```powershell
$downloads = "$env:USERPROFILE\Downloads"
$acl = Get-Acl $downloads
# Allow rule for the Users group: Read and Write only (no Execute), inherited by files and subfolders
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Users","Read,Write","ContainerInherit,ObjectInherit","None","Allow")
# Disable inheritance; the second argument $False discards the inherited entries instead of copying them,
# so after this only the rule below remains on the folder
$acl.SetAccessRuleProtection($True, $False)
# Remove any existing entries for Users and add the new rule
$acl.ResetAccessRule($rule)
Set-Acl -Path $downloads -AclObject $acl
```
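To confirm the rule actually took effect, here is an added audit script (my addition, not code from the original post). It lists every ACE on Downloads with a CanExecute column, then copies a harmless system binary into the folder and tries to launch it; the probe file name and the choice of whoami.exe are my own.

```powershell
# Added example, not part of the original post: audit the Downloads ACL after
# the change above and probe whether an .exe can actually launch from it.
# Assumes Windows PowerShell 5.1 or later; $env:USERPROFILE is the current user.
$downloads = "$env:USERPROFILE\Downloads"
$acl = Get-Acl -Path $downloads
$execBit = [System.Security.AccessControl.FileSystemRights]::ExecuteFile

Write-Host "Owner: $($acl.Owner)"
Write-Host "Inheritance disabled: $($acl.AreAccessRulesProtected)"

# One row per ACE; CanExecute is true when an Allow entry carries ExecuteFile.
# If inheritance was converted (GUI method) rather than dropped, expect the
# profile owner's own account here with FullControl: that per-user entry, not
# the Users group, is what C:\Users\<name> normally grants, and it still
# allows execution, so the rule aimed at Users alone does not block the owner.
$acl.Access | ForEach-Object {
    $hasExec = (([int]$_.FileSystemRights) -band ([int]$execBit)) -ne 0
    [PSCustomObject]@{
        Identity   = $_.IdentityReference.Value
        Type       = $_.AccessControlType
        Rights     = $_.FileSystemRights
        Inherited  = $_.IsInherited
        CanExecute = ($_.AccessControlType -eq 'Allow') -and $hasExec
    }
} | Format-Table -AutoSize

# Behavioural probe: copy a harmless system binary into Downloads and try to
# start it. The copy inherits the folder's ACEs, so it should fail to launch.
$probe = Join-Path $downloads 'acl_probe_whoami.exe'
Copy-Item -Path "$env:SystemRoot\System32\whoami.exe" -Destination $probe -Force
try {
    Start-Process -FilePath $probe -NoNewWindow -Wait -ErrorAction Stop
    Write-Warning 'Probe launched: some Allow entry above still grants ExecuteFile'
} catch {
    Write-Host "Probe blocked as intended: $($_.Exception.Message)"
} finally {
    Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
}
```

Run it from a normal (non-elevated) PowerShell session so the probe is started with the rights the ACL is meant to constrain. If the final Remove-Item fails with "Access is denied", that is the same ACL at work: the Write right used in the rule above does not include Delete, so a user limited to Read,Write cannot delete files in Downloads either; an administrator can remove the probe file.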
Optional: AppLocker Rule (for Pro/Enterprise Edition of Windows)
Use Local Security Policy → AppLocker → Create path rules to block %USERPROFILE%\Downloads. Apply via GPO if needed.
SmartScreen + MOTW
- Enable SmartScreen: Settings → Privacy → Check apps and files
- Downloaded files are tagged with MOTW (Mark of the Web)—layered defense!
🧪 If That Option Still Doesn’t Appear…
Let’s verify SmartScreen status via PowerShell:
```powershell
Get-MpPreference | Select-Object SmartScreenForExplorer
```
If it returns Disabled, you can enable it with:
```powershell
Set-MpPreference -SmartScreenForExplorer Enabled
```
It requires admin rights and Windows Defender to be active.
SmartScreen Settings
- Go to Privacy & security in Settings.
- Scroll down and click Windows Security.
- Then click Open Windows Security.
- In the Windows Security window, choose App & browser control.
- Under Reputation-based protection, click Reputation-based protection settings.
- Look for Check apps and files and toggle it On.
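As an added example (not from the original post), the following script reads the Explorer SmartScreen setting and any Group Policy override straight from the registry, which is where the "Check apps and files" toggle is stored and where a policy can suppress the UI, and then lists which files in Downloads carry the Zone.Identifier stream that MOTW adds. The registry key and value names are the ones Windows uses; the report layout is my own.

```powershell
# Added example, not part of the original post: report the SmartScreen state
# for Explorer and list downloaded files that still carry the Mark of the Web.
# Assumes Windows 10/11 with Windows PowerShell 5.1 or later.
$explorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

# The user-facing toggle ("Check apps and files"): Off, Warn or Block
$toggle = (Get-ItemProperty -Path $explorerKey -Name SmartScreenEnabled -ErrorAction SilentlyContinue).SmartScreenEnabled
# Group Policy, when present, overrides the toggle and greys out the Settings UI
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

[PSCustomObject]@{
    SmartScreenEnabled      = if ($toggle) { $toggle } else { '(value absent)' }
    PolicyEnableSmartScreen = if ($policy) { $policy.EnableSmartScreen } else { '(no policy)' }
    PolicyLevel             = if ($policy) { $policy.ShellSmartScreenLevel } else { '(no policy)' }
} | Format-List

# MOTW: a browser download gets an NTFS alternate data stream named
# Zone.Identifier containing "ZoneId=3" (Internet zone). SmartScreen only
# inspects files that carry it, so a file without the stream bypasses that layer.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -File | ForEach-Object {
    $zone = Get-Content -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $id = $null
    foreach ($line in $zone) {
        if ($line -match '^ZoneId=(\d+)') { $id = $Matches[1] }
    }
    [PSCustomObject]@{
        File   = $_.Name
        ZoneId = if ($id) { $id } else { '(none)' }
        Marked = [bool]$id
    }
} | Format-Table -AutoSize
```

Reading the policy key needs no elevation, so this can run in a normal session; if PolicyEnableSmartScreen shows 0, a policy has turned SmartScreen off and flipping the toggle in Settings will not help until that policy is changed. Files showing Marked = False (for example those extracted from an archive or copied from a USB stick) never reach SmartScreen, which is why the folder ACL above is the layer that does not depend on the file's origin.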
📊 Result

| File Type | Behavior in Downloads |
|---|---|
| .exe | Blocked |
| .ps1, .bat | Blocked |
| Moved manually to trusted folder | Execution possible (if permissions restored) |
Pro tip: This setup mimics chmod -x behavior from Linux—execution must be earned, not assumed.
Now no win.exe or other ransomware file can be accidentally run to install ransomware on your computer. Be safe and be happy.