So we strongly recommended to update Multimedia Console, HBS3 and Media Streaming Add-on to the latest version. As well change the Default web port 8080 (And please do not reboot or shutdown the NAS).
We also released a new Malware Remover policy, which will scan the ransom attack and recover the encryption key if the encryption is still in progress.
If you already had shutdown/reboot the NAS or the encryption has been done, Unfortunately, there is no solution yet. At that moment, the data will only be recoverable, if you have done previously a backup.
If you find that the encryption is still in progress (MUST NOT reboot or shutdown the NAS) just follow these steps below to get the encryption key, while the process is still running.
Install Malware Remover from APP Center and run it manually;
Connect nas over ssh
Use the command below to find if ransomware is still in progress.