A lot will depend on how the ransomware program is designed. Technically anything connected to an infected computer or device is potentially at risk. This includes mapped drives/Shares. There apparently is some ransomware that has gone after NAS drives. See the following link for one article that discusses the issue with Synology NAS devices.
The main thing to do is prevent the intrusion/malware from reaching the local network/computer in the first place. This includes good surfing habits, i.e., avoid surfing porn sites, opening spam emails, having good antivirus/security software that scans on a regular (or daily) basis, ensuring all computers and network devices are updated to the latest versions/firmware.
Password protecting a Share may not prevent an infection from an already infected PC that has that Share mapped. The better option is to lock down the My Cloud by setting a Share to Read Only access or No Access, turning off SSH and FTP and requiring a password to access the Dashboard. Obviously using strong passwords is also needed to prevent other methods of attack on the NAS.