A Thanos ransomware campaign targeting mid-level employees in Austria, Switzerland, and Germany was met by the victims’ refusal to pay the ransoms demanded to have their data decrypted. The attacks started with a low-volume phishing campaign spreading malicious Microsoft Excel attachments sent from email accounts registered on the servers of GMX free email provider. The phishing messages delivered attachments camouflaged as invoices and tax refund documents which dropped the GuLoader (aka CloudEyE and vbdropper) malware downloader.
Source: https://www.bleepingcomputer.com/news/security/european-victims-refuse-to-bow-to-thanos-ransomware/