Honest question, how feasible is it to create a script that frequently scans the running processes and kills anything that's running file encryption? Put simply, detect any process running file encryption and immediately kill it.
I mean, I understand that if whoever's attacking managed to get root access, you're 100% fcked. But when it's a user's fault for running a compromised program, this could stop the problem before much harm is done.