Sure, but most of the attacks are platform-dependant, at least the nasty ones since fortunately you can only do pretty trivial things in js running on a browser... The larger and more homogenous installed base points attackers towards windows hosts; for example it would be possible to have ransomware attack against linux too, but I am aware of no such being deployed.