Try to create User defined rules for files & folders under Access Protection !!!
I'm afraid you cannot directly prevent file attribute modification with Access Protection. You can prevent the following file operations with user-defined rules: read, write, execute, delete and create. I think file attributes are not part of a file physically, rather, they are part of the directory entry that refers to the file. Since there may be techniques directly manipulating these entries, they can be hard to prevent merely by assigning the ATTRIB command special ACL-s.
However, I would guess that your "local variant" malware only does these things to file attributes once it is "over the fence" (i.e. within the organization.) Maybe to be over the fence would require a step from the malware which, on the other hand, can be prevented from happening via Access Protection (if you know what I mean).