Ransomware will work around this limit easily by spawning more processes, injecting itself into other valid processes, etc. System wide limit will just slow overall I/O and make everyone super angry. This suggestion is an utter bullshit. Ransomware does not play fair.