Malware encryption programs tend to make their presence known, to extort ransom…
Then again, that should be very quickly to spot with a binary editor, esp. when you have a valid CR2 file to compare with.
But from the information available, we can only guess about the cause(s) of those files being unreadable…
Oh, and there’s no reason to believe Linux or MacOS are more resistant to malware attacks than windows, as the weakest part in the defenses tends to be the wetware… But as they have a much smaller market share, they are perhaps a less attractive target.