I agree completely with root_vegetable. It isn't a matter that malware
doesn't exist for GNU/Linux based systems at all and they actually ARE prime
targets. Most of the internet's backend infrastructure is some sort of
GNU/Linux combination. The real strength from a security perspective for
GNU/Linux is that the user doesn't have root access by default. If a
malicious program wants to make system changes, it must prompt you for the
password. As a user, if you didn't do anything that you believe would require
your password, it could likely be some sort of malware.
Also as root_vegetable mentioned, if a PPA or something in a repository were
compromised it could also be pushed down to the targets. The recent Linux
Mint hack is a perfect example. For those who aren't aware, Linux Mint was
hacked recently and the attackers were able to change the ISO images to
include a trojan. Anyone downloading the Linux Mint ISO between that time
frame had a trojan by default.
As Onpon4 mentioned, ransomware is typically designed because the attacker
wants you to pay them to release your files. Trisquel would be vulnerable to
a ransomware attack, but if you aren't downloading random things or using any
PPA you aren't likely to be infected. If Trisquel itself was compromised as
Linux Mint was, it wouldn't make sense to perform a ransomware attack because
you likely don't care about whatever is on the clean install anyway (and by
extension the rest of the community would likely become aware extremely
quickly if new ISO images did have ransomware).
*As a side note, ClamAV for example will look for Windows viruses on
GNU/Linux machines because a file you have might be infected but won't be
able to infect the distro. When you send that file out to someone with a
Windows box though... bam, new infected bot.
