Require special permissions for operations that affect more than N files. Would that be a possible solution? Attacks could still do some damage by targeting critical files, but then those files could also require special permissions for modification. This is in essence what root privileges were for, but they have turned out to be too global and too easy to compromise. So add explicit access control requirements that require external input (a cryptographic hash on a USB drive) for each individual critical file, tied to a TPM. TPM's are not unhackable but certainly raise the bar of difficulty. Having to go to one person in the company to get them to make changes to a critical file would be a pain, and raise costs a little, but the extra effort seems worth the protection, especially for critical infrastructure. Operating systems would need a little re-architecting to add more levels of access control but that seems straightforward. Just get rid of this old idea (which probably comes from our monkey ancestry) that there must be one privilege that rules them all, and make all privileges distributed and individual with authority distributed among many people, perhaps even require several people to sign off on certain types of changes. I'm sure computer science research has looked into fine grain permissions and levels of access, is there some as yet unsolved problem here? Making company wide changes to all computers would become more difficult and take longer, but would also require better planning and more scrutiny, which could be a good thing. Systems that are remote and have limited physical access would require a different solution. No one has ever hacked a space probe have they? Maybe we can learn something from NASA. I see almost no one proposing serious solutions to ransomware except "backups and kill cryptocurrencies". Surely we are smarter than that?