[GekkePrutser]

No, the malware authors just target the least secure userbase. Because there's plenty of them to exploit. Why put in the extra work if you have plenty of weak targets?

Physical security works the same way. The point is to have better locks on your bike than the one beside it.

And opening ports reduces the need for central infrastructure for the malware makers, which leads to less chance of being discovered (no money trails etc).

PS Speaking of run of the mill malware/ransomware here obviously. If you get targeted by state actors you can kiss your ass goodbye either way :)