The Foundation sees this as a contradiction to the EU’s own interoperability goals. Although XLSX is standardized as OOXML according to ISO/IEC 29500, Microsoft’s implementations often deviate from the specifications. Furthermore, features often change undocumented, which complicates compatibility with open-source software such as LibreOffice.
Encryption alone won’t prevent ransomware to encrypt it again. The original files need to be readable after all, so they are either unencrypted at boot or appear unencrypted to the (infected) client by machine/session key management. Nevertheless, adding an addittional, "“hostile” encryption layer will make them unreadable. The reasonable thing would be not to use a monocultural, standard setup that is known to be vulnerable to that kind of attack and first of all to get rid of fucking Outlook which has always been a dumpster fire.