By attacking the tool that MSP's use, REvil was able to get at more customers than if they targeted a tool that only customers use. One MSP may look after the IT infrastructure of a handful, or of hundreds of customers, and thus by attacking the tool that MSP's use to manage all of their customers, hitting the MSP in turn hit all of the customers supported by those MSPs.
REvil, who carried out the attack in July of 2021, were brought to justice in November 2021. The US Department of Justice (DOJ) and Europol communicated on Monday November 8, 2021 that two of the alleged members of REvil had been arrested. The arrests were made in Romania and Ukraine.
REvil was brought to justice by the combined efforts of the FBI, with Cyber Command, and the Secret Service collaborating with organizations from multiple companies who worked together to go after, and take down REvil's online presence and operations.