You can create secure inaccessible directories for files via Cryptomator or Veracrypt or similar. It should be encouraged more IMO.
If your files and folders are rw even in a encrypted form, you're still vulnerable to ramsomware if you don't have some sort of immutable ro backups.
If your files and folders are rw even in a encrypted form, you're still vulnerable to ramsomware if you don't have some sort of immutable ro backups.