It seems like part of your thinking is: Why would a criminal invest effort to attack an average John Doe? The answer is: With a popular (widely used) operating system, the effort goes close to zero. Attacks can be automated, so they will be. Also, even if they are not interested in your data, they will be interested in other benefits they gain from controlling your computer:

• Computing power e.g. for Bitcoin mining
• Your internet connection to attack other computers via yours, taking your computer to hide their identity and location. This is commonly done as DDOS for blackmailing businesses or silencing websites. Or for sending spam or fake reviews.
• Your identity. If they can get your name, they can order stuff on your name, which will get you a bad credit score or even criminal charges (identity theft)
• Access to your local network. Many devices are easier to hack via local network access than from the internet. A criminal who took control of your computer could for example take over your “smart” appliances or WiFi printer.