Tech

SolarWinds hack has shaved 23% from software company's stock this week

Share
Key Points
  • The meltdown began on Dec. 13 when Reuters reported that hackers potentially linked to Russia had gained access to email systems at the U.S. Commerce and Treasury departments, and that the attackers got in by way of SolarWinds software updates.
  • The Homeland Security agency on Sunday instructed federal agencies that were affected to disconnect or power down certain versions of SolarWinds software in their networks, and Microsoft warned customers its antivirus tool would begin blocking malicious SolarWinds software.
  • Last week SolarWinds announced a new CEO, and two private-equity firms sold shares ahead of the drop.

In this article

Kevin Thompson, chief executive officer of Solarwinds Inc., center, cheers while ringing the opening bell during the company's initial public offering (IPO) on the floor of the New York Stock Exchange (NYSE) in New York, U.S., on Friday, Oct. 19, 2018.
Victor J. Blue | Bloomberg | Getty Images

Shares of IT management software maker SolarWinds are down 23% this week after the company disclosed a cyberattack against its software that affected U.S. government customers. The hack could have a considerable impact on prominent organizations, and potentially on the company's future.

SolarWinds, based in Austin, Texas, offers a variety of tools organizations can use to manage their software. Competitors include BMC, CA, Cisco and IBM. The company has over 300,000 customers, and the U.S. government is a notable part of its customer base.

"We depend on the U.S. federal government in certain calendar quarters for a meaningful portion of our on-premise license sales," SolarWinds said in its most recent annual report. "The delay or loss of these sales may harm our operating results."

The meltdown began on Dec. 13 when Reuters reported that hackers potentially linked to Russia had gained access to email systems at the U.S. Commerce and Treasury departments, and that the attackers got in by way of SolarWinds software updates. The New York Times later said the Defense Department, State Department and Department of Homeland Security were affected.

The Homeland Security agency on Sunday instructed federal agencies that were affected to disconnect or power down certain versions of SolarWinds software in their networks. Microsoft warned customers its antivirus tool would begin blocking malicious SolarWinds software.

A page that has been removed from SolarWinds' website boasted that "all five branches of the U.S. military" were customers, along with many major federal agencies.

In a Dec. 14 regulatory filing, SolarWinds said that it estimated less than 10% of its customers had software that contained the vulnerability, and that it had sent an alert to customers that might have been affected. The company said it believed the vulnerability was added into its software between March and June.

Reuters reported, citing unnamed people, that the SolarWinds attack is related to a breach of software tools maintained by security company FireEye, an incident FireEye disclosed on Dec. 8.

Shares were down 0.2%, after an 8% fall on Tuesday and a nearly 17% fall on Monday, which was the stock's worst trading day since the company went public in 2018.

Still, one analyst isn't so sure the attack, which Microsoft dubbed Solorigate, will have a major impact on the company.

"We believe the SolarWinds brand will remain intact as customers continue to seek the company's attractive value proposition," JMP Securities analyst Erik Suppiger, who has the equivalent of a buy rating on SolarWinds stock, wrote in a note distributed to clients on Tuesday.

Filings show that two private-equity firms, Silver Lake and Thoma Bravo, sold some of their SolarWinds stock on Dec. 7 at $21.97 per share, before this week's fall. The firms acquired SolarWinds for $4.5 billion in 2016 and owned more than 80% of the company after its initial public offering. Today six of SolarWinds' 11 board members have ties to Silver Lake or Thoma Bravo.

"Thoma Bravo and Silver Lake were not aware of this potential cyberattack at SolarWinds prior to entering into a private placement to a single institutional investor on 12/7," a spokesperson representing the firms told CNBC in an email.

 On Dec. 9 SolarWinds said that its CEO for the past decade, Kevin Thompson, had resigned two days earlier, and announced that Sudhakar Ramakrishna, CEO of privately held Pulse Secure, would replace Thompson.

WATCH: Security expert advises all organizations to do a 'proactive threat hunt' of data

VIDEO5:3305:33
Security expert advises all organizations to do a 'proactive threat hunt' of data