I am glad that they were able to get their data back and be operational again without paying a criminal a ransom, it makes me sick to think that miscreants can make money so easily!
This scenario where by “their” MSP had given them advice but they decided to wait, is incorrectly using the term MSP.
An MSP either manages security for a client or does not manage security, in this case they did not prior to the breach, they were a security advisor.
Something worth considering for all MSP’s is where you provide an Adhoc advisory service you should have an agreement with the client that stipulates where your responsibility lays and where it ends and where the clients starts and ends.
In the case of ever increasing and tightening reporting requirements and breached clients potentially being sued for damages, it is your reputation as the MSP that will be affected in a blame game scenario.