NEWS BRIEF
SolarWinds, the software program and IT firm that confronted a significant provide chain cyberattack in 2020, at the moment introduced that it will likely be acquired by Flip/River Capital for $4.4 billion, or $18.50 per share.
Together with unanimous approval from its board of administrators, the transaction additionally acquired written approval from Thoma Bravo and Silver Lake, SolarWinds’ majority shareholders with a mixed 65% of the excellent voting securities.
SolarWinds will turn out to be a privately held firm, now not listed on the New York Inventory Change, although it is going to proceed to function beneath the title SolarWinds and keep headquartered in Austin, Texas.
“This profitable transaction and thrilling partnership are testaments to our staff’ excellent work of constructing distinctive options and delivering nice buyer success,” mentioned Sudhakar Ramakrishna, president and CEO of SolarWinds, in a press release. “We’re assured that Flip/River’s experience and progress orientation will assist us guarantee SolarWinds continues to drive innovation and ship even larger worth for purchasers and stakeholders.”
The Sunburst Assault Continues to Burn
In 2020, roughly 33,000 of SolarWinds’ clients had been impacted in a significant provide chain assault, affecting 1000’s of organizations in addition to the US authorities. The breach focused the SolarWinds Orion administration system, the place it’s believed that Nobelium, a nation-state hacking group, gained entry to the corporate’s networks in September 2019.
The attackers inserted malicious code, referred to as Sunburst, into the Orion system, infecting a software program replace that led to the compromise of all software program builds for variations 2019.4 HF 5 via 2020.1.1. Greater than 18,000 SolarWinds clients put in these updates, making a domino impact in those who fell sufferer to the assault. Years later, in 2023, the Securities and Change Fee (SEC) charged SolarWinds and its CISO Tim Brown with fraud and inner management failures, alleging that by ignoring warnings in regards to the firm’s weak cybersecurity posture, Brown knowingly left the corporate unprotected.
This breach has had lasting impacts within the cybersecurity trade, and although the assault occurred almost 5 years in the past, the SEC continues to overview the main points. Final October, the SEC charged 4 corporations — Unisys, Avaya Holdings Corp., Checkpoint, and Mimecast — for what the regulator mentioned had been intentional makes an attempt to reduce the influence of the hack to their methods. It additionally vowed to discourage different corporations from submitting obscure information breach disclosures after main occasions like SolarWinds.
