NEWS BRIEF
SolarWinds, the software program and IT firm that confronted a serious provide chain cyberattack in 2020, as we speak introduced that will probably be acquired by Flip/River Capital for $4.4 billion, or $18.50 per share.
Together with unanimous approval from its board of administrators, the transaction additionally obtained written approval from Thoma Bravo and Silver Lake, SolarWinds’ majority shareholders with a mixed 65% of the excellent voting securities.
SolarWinds will change into a privately held firm, not listed on the New York Inventory Alternate, although it would proceed to function underneath the title SolarWinds and keep headquartered in Austin, Texas.
“This profitable transaction and thrilling partnership are testaments to our workers’ excellent work of constructing distinctive options and delivering nice buyer success,” stated Sudhakar Ramakrishna, president and CEO of SolarWinds, in a press release. “We’re assured that Flip/River’s experience and development orientation will assist us guarantee SolarWinds continues to drive innovation and ship even larger worth for patrons and stakeholders.”
The Sunburst Assault Continues to Burn
In 2020, roughly 33,000 of SolarWinds’ prospects have been impacted in a serious provide chain assault, affecting 1000’s of organizations in addition to the US authorities. The breach focused the SolarWinds Orion administration system, the place it’s believed that Nobelium, a nation-state hacking group, gained entry to the corporate’s networks in September 2019.
The attackers inserted malicious code, referred to as Sunburst, into the Orion system, infecting a software program replace that led to the compromise of all software program builds for variations 2019.4 HF 5 via 2020.1.1. Greater than 18,000 SolarWinds prospects put in these updates, making a domino impact in those who fell sufferer to the assault. Years later, in 2023, the Securities and Alternate Fee (SEC) charged SolarWinds and its CISO Tim Brown with fraud and inner management failures, alleging that by ignoring warnings in regards to the firm’s susceptible cybersecurity posture, Brown knowingly left the corporate unprotected.
This breach has had lasting impacts within the cybersecurity business, and although the assault occurred almost 5 years in the past, the SEC continues to evaluate the small print. Final October, the SEC charged 4 corporations — Unisys, Avaya Holdings Corp., Checkpoint, and Mimecast — for what the regulator stated have been intentional makes an attempt to attenuate the impression of the hack to their methods. It additionally vowed to discourage different corporations from submitting imprecise knowledge breach disclosures after main occasions like SolarWinds.