... but would like to focus your attention on ransom a.ttack that could be possible in the case your PC (to which Trezor were connected ) were compromised.
Is this even still a thing? I thought that Trezor patched that vulnerability after it was initially announced? 
refer release notes from Sept 2020: https://blog.trezor.io/firmware-updates-for-trezor-model-t-version-2-3-3-and-trezor-model-one-version-1-9-3-c94f7a3b6fea