time to enable reserved space for snapshots. and also don't portforward qnap to the internet.
Independently discovered by researchers at two separate security firms, Intezer and Anomali, the new ransomware family targets poorly protected or vulnerable QNAP NAS servers either by brute forcing weak SSH credentials or exploiting known vulnerabilities.
these are the users that don't update qts at all, or have generally lax network security practices, like port forwarding the qnap or using upnp qnap+router, and poor passwords
just a bunch of things that result in your network being compromised and the NAS easily targeted.
also if you're not actively using ssh, disable when not in use.
However, if a compromised NAS device is located in Belarus, Ukraine, or Russia, the ransomware terminates the file encryption process and exits without doing any harm to the files.
it's that or hillary or someone trying to frame them