Previous to the fix, the company had included hard-coded credentials to serve as a backdoor to the device.
Unfortunately, hackers became aware of this and began abusing those credentials. That resulted in a number of confirmed instances where hackers gained access to the device via the backdoor, then installed ransomware and encrypted all of the files on the device.
The issue is being tracked as CVE-2021-28799, and at this point, has already been resolved.
All you need to do is to download and install the latest version of the software your device uses, which will be one of the following:
To update HBS on your NAS device, simply log into QuTS Hero or QTS as an administrator and do a search for the phrase "HBS 3 Hybrid Backup Sync" in the App Center. Once you've found that, click "Update" and "Ok" to start the process. Note that if your software is already up to date, then the "Update" button will be greyed out.
This is not the first time that QNAP devices have been targeted by hackers. Given the sensitive data they invariably contain, they're almost the perfect target for ransomware attacks. Recently, the company issued guidance relating to how to check your device for the presence of malware, and these steps are well worth following at periodic intervals:
Make sure you're up to date as soon as possible. This security patch should be given highest priority.