I believe you checked the BTC address given to one user (and reported on Bleeping Computer). There is no reason for that address to be the same for everyone: BTC addresses don't cost anything to create, they are (almost) just random numbers. And on the other hand, there are good reasons for the address to be different for each NAS:
1) Since the hackers are not asking for any other data, there is a high chance that the decryption key is derived from the BTC address itself, using the master key that the hackers are trying to ransom QNAP for 50 BTC. If that's the case, then you can be pretty sure that each address is unique. Otherwise a single decryption key would decrypt everyone's data, and the hackers would not make much money once it is published.
2) Another reason for different addresses is laundering the money: all BTC transactions are public. So if all the ransoms went to the same well-known address, it is easy to track where that money goes afterwards, so it takes extra effort to launder. But if the addresses are all different, unless the victims come forward, there is no way to identify the ransom payment transactions.
Here is an example BTC address that, reportedly, got someone a working decryption key:
https://www.blockchain.com/btc/address/ ... yylj65fvdm
You can see the OP_RETURN at the bottom of the transaction details:
https://www.blockchain.com/btc/tx/b0653 ... aab804cddf
So their decryption key was 5f144b4c18e8794587b60c8f60c49372