More contractor pain: Parasol's sister firms, SJD Accountancy and Nixon Williams, confirm cyberattack

The Register - Tue Jan 18 14:25

SJD Accountancy and Nixon Williams – both contractor-focused beancounting firms owned by the same corporate parent as cyber-attack-struck UK umbrella company Parasol – have been hit by online attackers.

The three firms are all nested under UK corporate parent Optionis Group, which describes itself as a "family" of "award-winning tax, umbrella and accountancy solutions" aimed at contractors. We have asked Optionis Group if its other brands, which include contractor accounting org ClearSky and tax rebate specialist Brian Alfred, are also affected.

The firms share a company director in Doug Crawford, CEO at Parasol, who is also the CEO at SJD and overall parent Optionis.

Sources got in touch last night to tell The Reg that the accountancy firm had disclosed a "cyber security incident" to customers by email yesterday, having previously made vague references to a "system outage" last week.

SJD told its customers yesterday:

Users have speculated – once again – that ransomware was at the root of the attacks, and the statement – seen by El Reg after being sent to customers yesterday evening – refers to external specialists being brought in as well as the scale of the disruption.

Nixon Williams posted a near-identical statement on its site this morning.

SJD and Nixon Williams' sister company, the umbrella firm known as Parasol Group, confirmed late on Friday that a cyber attack was at the heart of its own prolonged network outage, which our sources confirmed to us began on 12 January, impacting the processing of payroll.

SJD was already alluding to problems on Twitter last week, characterising them as a "system outage" which it was trying to "resolve":

We are currently experiencing an ongoing system outage which is impacting SJD Accountancy. We are working tirelessly to resolve this as a matter of urgency however, you will currently be unable to access SJD Online and we apologise for the inconvenience this will be causing (1)

— SJD Accountancy (@SJDAccountancy) January 13, 2022

We have attempted to contact SJD Accountancy and will update this article if the firm responds.

Customers took to Twitter, as usual in this day and age, to complain about the effects of the attack.

Maybe you could give some more detail, it's been off for days? Do we get our fees reimbursed? Your site is presenting the wrong SSL certificate at the moment. Not great. In fairness, SJD online is slow as shit at the best of times.

— Webster Telecom (@webstertelecom) January 14, 2022

SJD was set up by notable UK anti-vaccine activist Simon Dolan and the Optionis Group snapped it up in September 2014 for a reported £67m.

As for parent firm Optionis Ltd, its accounts made up to 31 October 2020 [PDF], filed in July 2021, revealed that its companies providing umbrella contracting services accounted for £402.8m out of the group's total annual revenues of £435.8m.

Ian Thornton-Trump, CISO of infosec firm Cyjax, told The Register the communications were reminiscent of those seen in a ransomware attack: "This is a classic ransomware experience of SMEs in the UK. It happens and the guise of 'maintenance' turns into 'investigation' which turns into 'security incident'.

"What is required is a clear explanation and a plan of when normal business operations may be restored." ®