Opening the attachment kicks off a series of steps that not only locks up the victim’s files, but also downloads some additional malware onto the target computer. The attachment does not visibly do anything, but appears to the victim as a corrupted file. However, in fact it is busy doing its dirty work in the background. This includes deleting the Windows Volume Shadow Copy so the encrypted files cannot be recovered and the ransomware is set to run every time Windows starts up so it can capture any new information.
Bleeping Computer said at this time there is no way to decrypt the files, although there are steps to be taken that can thwart the attack.
The additional malware installed is the password stealing Pony trojan.