Re: "Sources told us reseller XMA sourced the kit but was not asked to configure it"
I'm confused and sceptical about all this too. There isn't enough information to speculate about who to blame but a few thoughts.
The malware is old and detectable but is quite stubborn to remove. My searches have not found a clear description of what the payload might be -- I've seen references to currency mining and general-purpose command and control network snooping/data grabbing. All of these activities are high CPU, which will show up on such a low-spec computer.
The hardware does not have a wired Ethernet port, although some models support PXE booting from a USB Ethernet dongle. The most likely deployment scenario is from a USB flash drive, which is one of the malware's easiest infection mechanisms. During deployment or WinPE booting, the malware will be running as System, so plenty of opportunities to dig in deep on Windows 10. A clean image installed from an infected WinPE boot drive is perfect for it. An alternative infection route is that devices were 'touched up' by a technician running as Admin after the image was installed.
Who might be the culprit?
* Supplier of the original image -- I believe that this was created to specs provided by the DfE.
* Installer of the image -- XMA, another service provider, laptop manufacturer, other?
* Somebody customising the installation post-imaging.
How many laptops affected?
Delivery and manufacture/imaging would have been spread over many weeks. Lots of opportunities for infection via USB drives, perhaps with somebody cleaning up the drives without mentioning it... Unless the base image was infected, it is unlikely that the infection rate is 100% but anything else is speculation.
Is the supplier obscure?
Yes and no. I'd heard of them as an OEM for supermarket brand basic laptops. Reviews scared me from going near one of them but I guess that they are based on a reference design for low cost laptops.
Good value for money?
There may be slightly better buys for c. £200 but you are never going to get much at that price. Apologies in advance for the broad statement which follows. There is a long-standing mistaken belief in education that a cheap and cheerful computing device will last as long as the 'standard spec', albeit with lower performance. It is likely that schools will be disrupted for another 12 months and that these laptops will be heavily used. I sincerely hope that HMG and school managers do not think that they will have an extended life.
Much government purchasing during the Covid pandemic is questionable. XMA are participants in a number of public sector purchasing frameworks so taxpayers should expect that these craptops were purchased on framework terms -- cost plus a percentage or cost plus a calculated margin. If not, why not?
Let's also bear in mind that reports of the problems are dumbed down for non-technical readers. We have not been told a lot and there is conflicting information. There are a lot of people trying to do the right thing, maybe not getting it right 100% of the time, but let's wish them well.