Local MSP got hacked and all clients cryptolocked
As the title says, a local mid-sized MSP with about 80 clients/unknown endpoints got hacked yesterday. All of their clients' endpoints, including servers, got cryptolocked. This has got to be this community's worst nightmare... or perhaps close to it.
The owner of a company under the mentioned MSP came over to our shop to purchase a 'clean' system. It seems the MSP is negotiating the ransom amount and will pay up.
As MSPs, how do you think this happened, and what steps do you take to mitigate such a risk besides BDRs? For example... what would happen if YOUR RMM company got hacked?
FYI, [according to CISA bulletins](https://ics-cert.us-cert.gov/CISA-Awareness-Briefing-Chinese-Malicious-Cyber-Activity) there seems to be a pattern of targeted attacks towards MSPs by Chinese cybercriminals; there is a free webinar/briefing on Feb. 22 with room still available for registration.
EDIT: Since this took off, I'd like to clarify a few items.
- First off, I won't name the compromised MSP, so please quit DMing/asking for it.
- Second, there are a lot of presumptions in this post. u/huntresslabs mentioned a known vulnerability in an integration tool between CW & Kaseya, and while it is a very probable cause, there is not enough information to confirm it as the cause, so I must disagree with them on having "first-hand knowledge of 'THIS' incident". With that said, I think their perspective on this issue is very welcome and has shed some light on the communication issues between MSP tool vendors and MSPs. +1 for layered security.
- Third, the point of this post is to collectively be aware of these risks and learn from each other in order to protect ourselves and our clients. As you can see in the comments section, there are many ways this could have happened... from a disgruntled employee to poor security practices. To me, this summarizes that every MSP is vulnerable one way or another to targeted attacks.
- Fourth, we as MSPs don't just have the leverage, but the responsibility, to hold MSP tool vendors accountable for transparency regarding security flaws in their software AND approved integrations.
- Fifth, I will be doing another edit to post a link to the recorded webinar by CISA, courtesy of u/huntresslabs. My opinion: I was honestly expecting more from the briefing, but I still believe it's worth a watch to learn more about the big picture. No mention of ransomware, just a slap on the wrist to follow best practices.