A new spam campaign has been spotted distributing Buran Ransomware through IQY file attachments. When opened, these Microsoft Excel Web Query attachments will execute a remote command that installs the ransomware onto a victim’s computer. Microsoft has blocked IQY files through Outlook on the Web and made it possible to block untrusted Microsoft Web Queries in Windows through group policies. At this time there is no way to decrypt files encrypted by Buran for free. In each folder that files are encrypted, a ransom note named!!! ALL YOUR FILES ARE ENCRYPTED!!!.TXT will be created that tells a victim to contact either [email protected] or [email protected] for payment instructions.
Source: https://www.bleepingcomputer.com/news/security/buran-ransomware-infects-pcs-via-microsoft-excel-web-queries/