SolarWinds to be Acquired by Turn/River Capital for $4.4 Billion
A New Chapter for the Company
SolarWinds, the software and IT company that faced a major supply chain cyberattack in 2020, today announced that it will be acquired by Turn/River Capital for $4.4 billion, or $18.50 per share. This acquisition marks a significant milestone for the company, as it will become a privately held entity, no longer listed on the New York Stock Exchange.
Unanimous Approval from Board of Directors and Majority Shareholders
Along with unanimous approval from its board of directors, the transaction also received written approval from Thoma Bravo and Silver Lake, SolarWinds’ majority shareholders with a combined 65% of the outstanding voting securities. This demonstrates the confidence that these key stakeholders have in the company’s future prospects.
Private Ownership and Continued Operations
SolarWinds will continue to operate under the name SolarWinds and stay headquartered in Austin, Texas. The company’s employees and customers can expect business as usual, with the added benefit of a new ownership structure that will enable the company to focus on innovation and growth.
Statement from Sudhakar Ramakrishna, President and CEO
"This successful transaction and exciting partnership are testaments to our employees’ outstanding work of building exceptional solutions and delivering great customer success," said Sudhakar Ramakrishna, president and CEO of SolarWinds, in a statement. "We are confident that Turn/River’s expertise and growth orientation will help us ensure SolarWinds continues to drive innovation and deliver even greater value for customers and stakeholders."
The Sunburst Attack: A Lasting Impact
The Sunburst attack, which occurred in 2020, had a profound impact on the cybersecurity industry. Roughly 33,000 of SolarWinds’ customers were impacted, including thousands of organizations and the US government. The breach targeted the SolarWinds Orion management system, where it is believed that Nobelium, a nation-state hacking group, gained access to the company’s networks in September 2019.
Consequences and Lessons Learned
The attackers inserted malicious code, known as Sunburst, into the Orion system, infecting a software update that led to the compromise of all software builds for versions 2019.4 HF 5 through 2020.1.1. More than 18,000 SolarWinds customers installed these updates, creating a domino effect in those that fell victim to the attack. Years later, in 2023, the Securities and Exchange Commission (SEC) charged SolarWinds and its CISO Tim Brown with fraud and internal control failures, alleging that by ignoring warnings about the company’s vulnerable cybersecurity posture, Brown knowingly left the company unprotected.
Industry Impact and Ongoing Review
This breach has had lasting impacts in the cybersecurity industry, and though the attack occurred nearly five years ago, the SEC continues to review the details. Last October, the SEC charged four companies — Unisys, Avaya Holdings Corp., Checkpoint, and Mimecast — for what the regulator said were intentional attempts to minimize the impact of the hack to their systems. It also vowed to deter other companies from submitting vague data breach disclosures after major events like SolarWinds.
Source Link