- It's disguised malware which they probably don't want to host (even if it's widely reported, not everyone will have heard). It's probably significantly easier to disable the repo than for them to roll it back - and even if they wanted to roll it back it's not clear where to roll back to, and introduces more confusion.
- They were probably getting a continuous stream of reports regarding the repo.
- The repo was generating a continuous stream of "lol wow" comments on every object in it regarding the situation.
- They are probably concerned about fallout towards their reputation.
- No one has a pressing need to access the repo. You can't safely use the code from it etc. I'm sure someone will upload it somewhere for study soon enough. (Preferably in such a way that it's obviously to be treated as malware)
- The most likely scenario is that momentum will gather around a fork which will be a different URL anyway...
It's the cause, but the logic is missing.