When I got home and checked the NAS logs, they showed that I'd been under some kind of automated hack attack all day, it continued as I watched the failed logins in real time. In the NAS logs the failed Admin logins went on for page after page, they'd been methodically at this for hours. Something was trying to log in as user Admin and guess the PW, around 7-10 attempts per a minute, each time from a different IP address supposedly in different parts of the world. I guess that the only reason that I got alerted at all was that their IP address randomizer wasn't random enough and my NAS spilled the beans when it noticed multiple failed logins from the same IP address. I shut the server down for an hour, when I fired it back up the attack began again immediately. Somebody, or more likely something on behalf of somebody, was trying to guess the password of the server administrator.
This was a brute force ransom attack, after they guessed the Admin password and got in they'd encrypt all of my data on the NAS, present me with a login screen explaining what they'd done and demanding payment in Bitcoin to unencrypt my data. But what these crooks didn't know was that on the advice of the Synology I had disabled the Admin account and given admin rights to a different account 3 years ago. In order to get in and hold my data for ransom they'd have to guess that username and PW. I know that I'm going to find it a pain in the ass but I also put that login on 2 step authentication.
