It’s quite a complicated scenario with various reasons for protecting various things in various ways. Attackers try to locate weak spots, and defenders try to balance defenses against things users like.
hints at one fundamental difficulty. How does any code know access is legitimate and not pretense?
Some people have used encrypted filesystems. That’s good for data at rest (stolen laptop), but less effective after initial unlock. You probably already read about attacks and defenses, but I’ll continue.
If you worry about ransomware hurting your files and deleting your backups, that’s one problem type. Attempting to make your destination immutable is a defense. Another is guarding access credentials.
If you worry about snoops, any malware already on your system has direct access to original source, however guarding encryption passphrase will slow attacker if they access destination files somehow.
Beyond that, it’s adding layers of defense in multiple areas, attempting to make an attacker work hard. High value targets should worry more, as they may get live attackers – more capable than automation which sometimes aims more for a broad attack. A personalized human attack aimed at you is tough…
If you want your data to survive despite a completely compromised system, offline backups could help until physical disaster occurs, in which case online was more likely to be done. Keep multiple backups, however that increases chances of data survival but also increases chances of data exposure. Sigh…
Adequate risk mitigation sometimes requires thinking about which risks deserve the strongest defense.
I hope I’ve explored how “work” is a rather complicated concept, but you can protect at various levels.
The current database scrambling plan will have to change, as it’s been removed from newer DB libs…
An option being discussed which would help Linux users is selective encryption as you are proposing.
There are databases available that encrypt better than RC4, but then what of default DB passphrase? Leaving gaps in the defenses is a problem, but I don’t think anybody’s going to solve everything today.