We have had a casual client** hit with ransomware just after lunch yesterday, though unfortunately all staff of this small firm were out of the office so nobody noticed until this morning.  I hunted extensively for the compromised computer which encrypted the files on their NAS, but could not find anything.  Googling the symptoms (files now have a 7z extension, !!!read_me.txt files show in folders) lead me to this 5 hour old article:

https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/ 

If you have a QNAP NAS that that *may* be exposed to the internet, check it now and block all external access until you are sure the firmware and the apps have been updated.  Even then, I'd not recommend allowing external access again.  I have little doubt that others will start probing the QNAP ecosystem for vulnerabilities.

We are currently restoring this client's files from an effectively-air-gapped backup system, so they have lost very little information.  I am a little concerned that the perpetrators of the crime may still have a remote shell to the NAS, so its going to get a factory reset very soon.

**someone we see professionally once or twice a year for issues they can't sort themselves.  We don't "look after their IT" as such, but give them advise or help when they hit limits with their self-management.  Sometimes they follow this advice.  Sometimes they don't.

Instructions in the file begin with the following text:

!!! All your files have been encrypted !!!

All your files were encrypted using a private and unique key generated for the computer. This key is stored in our server and the only way to receive your key and decrypt your files is making a Bitcoin payment.

To purchase your key and decrypt your files, please follow these steps: