White hats reported key Kaseya VSA flaw months ago. Ransomware outran the patch