It's not malicious or "ransomware", and this is perfectly normal, default behavior for most devices - both macOS and Windows implement full disk encryption in a default install these days, and your key is almost always in your Microsoft Account on the Microsoft website. While Microsoft does a lot of crap wrong, in this case, Windows's failure to decrypt under GRUB is security features actually kind of doing their job. Basically, trying to boot Windows through GRUB confuses the TPM, causing it to not want to give the keys in case the Windows boot partition has been tampered with by bad actors. Thus, you have to boot directly through Windows Boot Manager, not GRUB

Also, secure boot and TPM aren't just some conspiracy by Microsoft to block Linux; they are attempts at implementing legitimately necessary security features. Full disk encryption supported by correctly implemented secure boot and an encryption chip are essential to having modern security. Linux is not blocked by TPM and Secure Boot; it is certainly possible for Linux distributions to take advantage of them to enhance their own security. I have implemented automatic LUKS full disk encryption that similarly fails to unlock if the partition has been tampered with on my Debian install. In theory, they can actually be used to help improve your security.

That is not to say I think TPM and secure boot are good, though. The really obnoxious thing about secure boot is that all the certificates are controlled by Microsoft rather than a standards body or a group of certificate authorities. While so far, Microsoft has kept it relatively open by providing the third party CA and the shim binary in order to avoid having its neck snapped by the FTC, considering the current administration, we don't know how much longer they'll keep it up, and they could actualize the much-feared blocking of Linux.

The other big problem with TPMs and secure boot is that often, there are so many different implementations and frequently major security flaws in their implementations that weaken their protection. A typical petty thief stealing your laptop still probably won't be able to decrypt your drive, but a nation state can probably find a way. It doesn't help that Windows doesn't encrypt communication between the CPU and the TPM (luckily, the Linux kernel does that by default). Despite these issues, I'd say TPM and Secure Boot is better than nothing for most devices; not using them (EDIT: or a non-M$-controlled alternative, like a memorized drive password AND/OR FIDO keys, which may be better) at least in part means your device is more vulnerable to physical access and bootkit attacks than even most Windows laptops, and they are often the only tools at your defense

EDIT: An addendum: Now the really smart thing I've heard people do is to keep the boot partition on a flash drive (possibly with a keypad or biometrics) that you keep with you at all times.