Rule No. 1 after the storage system has been hacked: wipe the system back to factory default. You don't know what the hacker left there. Otherwise, you will be constantly vulnerable.
Try to restore all possible backups.
But after reading this case, I would bet a few cents that a backup (a real backup) does not exist. And if there is any, it's probably infected too, because control over the DSM has been taken over.
Maybe even older backups would break it. But I dare say that in this case it will not be a month-old data state.
Unfortunately - it's over. Sad, but true.
Setting up NAS security is not like turning a drill on and off. Without a well-protected network, it's only a small step to a better night's sleep. It is a complex science. Rules, rules, rules. Cloudflare, Secure DNS, DNSSEC, IPSec tunnel rather than SSL VPN, …
Many of them are also described in this forum.