If you do have "read-only" access to these devices, you can find out the protected boot-loader settings, and use the reset button to clear all configuration and reinstall the device with Netinstall. You will have to hold the reset button more than the specified time in the "*reformat-hold-button*" setting.
Devices with boot-loader protection CAN NOT be recovered if you don't know the "
*reformat-hold-button*" setting.
Please always keep your devices updated and secured with a firewall. Never leave Winbox or ssh open from distrusted networks, never use "admin" user, and follow other recommendations as outlined here: [
https://blog.mikrotik.com/security/winb ... ility.html]
Even if your device has been upgraded, it is not automatically safe, you must also remove all unknown files and change your user/password since they can still be in possession of attackers from older hack attempts.
The course of action for unaffected devices is outlined in the article above. Upgrade, change passwords, and make sure Winbox is not available to distrusted IP addresses or interfaces.