More contractor pain: Parasol's sister firms, SJD Accountancy and Nixon Williams, confirm cyberattack
Ransomware suspected but not confirmed
SJD Accountancy and Nixon Williams – both contractor-focused beancounting firms owned by the same corporate parent as cyber-attack-struck UK umbrella company Parasol – have been hit by online attackers.
The three firms are all nested under UK corporate parent Optionis Group, which describes itself as a "family" of "award-winning tax, umbrella and accountancy solutions" aimed at contractors. We have asked Optionis Group if its other brands, which include contractor accounting org ClearSky and tax rebate specialist Brian Alfred, are also affected.
Sources got in touch last night to tell The Reg that the accountancy firm had disclosed a "cyber security incident" to customers by email yesterday, having previously made vague references to a "system outage" last week.
SJD told its customers yesterday:
Further to the communication sent to you on 14th January 2022, we recently suffered a cyber security incident that impacted some of our key systems and caused significant disruption to our services. As soon as we identified the issue, we immediately took action to mitigate its impact with the support of external IT security specialists and are working round the clock to minimise disruption to our services and resume normal operations. In the meantime, we will continue to update you regularly about the progress we are making to restore our systems.
Users have speculated – once again – that ransomware was at the root of the attacks, and the statement – seen by El Reg after being sent to customers yesterday evening – refers to external specialists being brought in as well as the scale of the disruption.
Nixon Williams posted a near-identical statement on its site this morning.
SJD and Nixon Williams' sister company, the umbrella firm known as Parasol Group, confirmed late on Friday that a cyber attack was at the heart of its own prolonged network outage, which our sources confirmed to us began on 12 January, impacting the processing of payroll.
SJD was already alluding to problems on Twitter last week, characterising them as a "system outage" which it was trying to "resolve":
We are currently experiencing an ongoing system outage which is impacting SJD Accountancy. We are working tirelessly to resolve this as a matter of urgency however, you will currently be unable to access SJD Online and we apologise for the inconvenience this will be causing (1) — SJD Accountancy (@SJDAccountancy) January 13, 2022
SJD Accountancy told The Reg in a statement about the cyber security incident: "Our security partner and internal team identified the malicious activity very quickly and we are carrying out an extensive forensic exercise into this incident. We are working with a team of IT experts to ensure we get back to normal operations as quickly as possible and we have informed the relevant authorities."
Customers took to Twitter, as usual in this day and age, to complain about the effects of the attack.
Maybe you could give some more detail, it's been off for days? Do we get our fees reimbursed? Your site is presenting the wrong SSL certificate at the moment. Not great. In fairness, SJD online is slow as shit at the best of times. — Webster Telecom (@webstertelecom) January 14, 2022
As for parent firm Optionis Ltd, its accounts made up to 31 October 2020 [PDF], filed in July 2021, revealed that its companies providing umbrella contracting services accounted for £402.8m out of the group's total annual revenues of £435.8m.
Ian Thornton-Trump, CISO of infosec firm Cyjax, told The Register the communications were reminiscent of those seen in a ransomware attack: "This is a classic ransomware experience of SMEs in the UK. It happens and the guise of 'maintenance' turns into 'investigation' which turns into 'security incident'.
"What is required is a clear explanation and a plan of when normal business operations may be restored." ®