I don't think this would be effective honestly. The theory behind ransomware is that it attacks data of value to you, which you are typically reading and writing. It's uncommon that data is written once then never modified. Restricting sudo won't stop local privilege escalation exploits and those are all too common under Linux. Mounting /usr ro as a separate filesystem is likely much easier than some of the steps described. But again, who cares if the OS is trashed? You just reinstall from media. It's the data you care about. A layered approach is warranted and there isn't a simple list of tips to accomplish what OP wants.