It seems like Jupyter notebooks are under attack now. Certain attack vectors are well known from npm already. Ransomware attacking Jupyter notebooks is certainly something new. However, the more fundamental issue seems to be this “git clone some repo and install all requirements”. It is as bad as curl | sh.