SolarWinds, the software and IT company that fell victim to a significant supply chain cyberattack in 2020, has recently announced its acquisition by Turn/River Capital for a hefty sum of $4.4 billion. This acquisition comes as a result of Turn/River Capital offering $18.50 per share for SolarWinds, pushing the deal forward towards finalization.
The decision to acquire SolarWinds was met with unanimous approval from the company’s board of directors, as well as written approval from Thoma Bravo and Silver Lake, SolarWinds’ major shareholders with a combined 65% stake in the company. Following the acquisition, SolarWinds will transition into a privately held entity, ceasing its listing on the New York Stock Exchange, while retaining its original name and remaining headquartered in Austin, Texas.
In response to the acquisition, Sudhakar Ramakrishna, the president and CEO of SolarWinds, expressed his confidence in the partnership with Turn/River Capital. Ramakrishna stated, “This successful transaction and exciting partnership are testaments to our employees’ outstanding work of building exceptional solutions and delivering great customer success. We are confident that Turn/River’s expertise and growth orientation will help us ensure SolarWinds continues to drive innovation and deliver even greater value for customers and stakeholders.”
The acquisition of SolarWinds by Turn/River Capital marks a significant milestone for the company, which has been grappling with the aftermath of a major supply chain cyberattack in 2020. The breach, which impacted approximately 33,000 of SolarWinds’ customers, including numerous organizations and the US government, targeted the SolarWinds Orion management system. It is believed that Nobelium, a nation-state hacking group, infiltrated the company’s networks in September 2019, gaining unauthorized access.
The attackers inserted malicious code, known as Sunburst, into the Orion system, infecting a software update that compromised all software builds for versions 2019.4 HF 5 through 2020.1.1. More than 18,000 SolarWinds customers unwittingly installed these compromised updates, resulting in a ripple effect of security breaches. The repercussions of this breach have been long-lasting, with the Securities and Exchange Commission (SEC) charging SolarWinds and its CISO Tim Brown with fraud and internal control failures in 2023.
The SEC’s charges alleged that Brown neglected warnings about the company’s cybersecurity vulnerabilities, leaving SolarWinds susceptible to malicious attacks. Furthermore, the SEC has continued to scrutinize the details of the breach, signaling a lasting impact on the cybersecurity industry. Last year, the SEC imposed fines on four companies – Unisys, Avaya Holdings Corp., Checkpoint, and Mimecast – for reportedly downplaying the effects of the SolarWinds breach on their systems.
Moving forward, the SEC aims to discourage companies from issuing ambiguous data breach disclosures following major incidents like the SolarWinds attack. As SolarWinds transitions into a new phase under the ownership of Turn/River Capital, the company seeks to prioritize innovation, customer value, and cybersecurity resilience in the face of evolving threats and challenges in the digital landscape.