#Linux ransomware in the wild: https://forums.gentoo.org/viewtopic-t-1060828.html

Linux-based malware not only exists but has existed for longer than most Linux users realize.

Also, not running anything as root that doesn't need root helps with defense in depth, but especially don't run as root anything *designed* to download & run completely unvetted code, like Web browsers do.

Sadly, spoiler: Flash Player was suspected but never confirmed as the ransomware entry vector.