There’s a saying in the military, something along the lines of “The target dictates the weapon and the weapon dictates the movement”. This implies that the method employed is entirely dependent on the target.
With this in mind I think that the “devastation factor” would be much more closely tied to a target than to the method of attacking that target. For instance if someone were to target say a college computer lab that shuts down the entire university with file-less malware, would THAT be more devastating than if someone plugged a usb into 1 computer that spread ransomware throughout that hospital?
That said any “truly fileless” malware is defeated, simply by rebooting the system. There is usually some persistence mechanism (something on disk or in a network) that must be implemented to ensure a reboot doesn’t revert their actions and thus makes it detectable outside of memory.
So, I’d say a persistent individual or group with a solid understanding of multiple advanced methods of exploitation is likely the most devastating thing that can happen to any system.