SJD Accounting and Nixon-Williams – the two contractor-focused bean counting businesses owned by the same parent company as UK umbrella company Parasol hit by a cyberattack – have been hit by online attackers.
The three companies are all nested under the British parent company Optionis group, which describes itself as a “family” of “award-winning tax, umbrella and accounting solutions” for entrepreneurs. We asked Optionis Group whether its other brands, which include contractor accounting organization ClearSky and tax refund specialist Brian Alfred, are also affected.
Sources got in touch last night to say The Reg that the accounting firm disclosed a ‘cybersecurity incident’ to clients via email yesterday, after making vague references to a ‘system outage’ last week.
SJD told its customers yesterday:
Users speculated – once again – that ransomware was behind the attacks, and the statement – seen by El Reg after being sent to customers last night – refers to the intervention of external specialists as well as the extent of the disruption.
Nixon Williams released a almost identical statement on his site this morning.
SJD and Nixon Williams’ sister company, the umbrella company known as the Parasol Group, confirmed late Friday that a cyberattack was at the heart of the prolonged outage of its own network, which our sources say began on May 12. January, impacting payroll processing.
SJD was already hinting at the issues on Twitter last week, calling them a “system crash” that it was trying to “fix”:
We are currently experiencing an ongoing system outage which is impacting SJD Accounting. We are working hard to resolve this issue as a matter of urgency, but currently you will not be able to access SJD Online and we apologize for the inconvenience (1)
— SJD Accounting (@SJDAccountancy) January 13, 2022
SJD Accounting says The Reg in a statement on the cybersecurity incident: “Our security partner and internal team identified the malicious activity very quickly and we are conducting a thorough forensic exercise on this incident. We are working with a team of IT experts to ensure we return to normal operations as soon as possible and we have notified the relevant authorities.”
Customers took to Twitter, as usual these days, to complain about the effects of the attack.
Could you maybe give more details, it’s been off for days? Are we reimbursed for our expenses? Your site currently has the wrong SSL certificate. Not great. In all honesty, SJD online is slow as crap at the best of times.
— Webster Telecom (@webstertelecom) January 14, 2022
As for the parent company Optionis Ltd, its accounts created until October 31, 2020 [PDF]filed in July 2021, revealed its companies providing umbrella outsourcing services accounted for £402.8 million of the group’s total annual revenue of £435.8 million.
Ian Thornton-Trump, CISO of infosec company Cyjax, said The register the communications were reminiscent of those seen during a ransomware attack: “It’s a classic UK SME ransomware experience. It happens and the appearance of ‘maintenance’ turns into ‘investigation’ which turns into ‘security incident’.
“What is needed is a clear explanation and a plan for when normal business operations can be restored.” ®