SJD Accountancy and Nixon Williams – both contractor-focused beancounting firms owned by the same corporate parent as cyber-attack-struck UK umbrella company Parasol – have been hit by online attackers.

The three firms are all nested under UK corporate parent Optionis Group, which describes itself as a “family” of “award-winning tax, umbrella and accountancy solutions” aimed at contractors. We have asked Optionis Group if its other brands, which include contractor accounting org ClearSky and tax rebate specialist Brian Alfred, are also affected.

The firms share a company director in Doug Crawford, CEO at Parasol, who is also the CEO at SJD and overall parent Optionis.

Sources got in touch last night to tell The Reg that the accountancy firm had disclosed a “cyber security incident” to customers by email yesterday, having previously made vague references to a “system outage” last week.

SJD told its customers yesterday:

Users have speculated – once again – that ransomware was at the root of the attacks, and the statement – seen by El Reg after being sent to customers yesterday evening – refers to external specialists being brought in as well as the scale of the disruption.

Nixon Williams posted a near-identical statement on its site this morning.

SJD and Nixon Williams’ sister company, the umbrella firm known as Parasol Group, confirmed late on Friday that a cyber attack was at the heart of its own prolonged network outage, which our sources confirmed to us began on 12 January, impacting the processing of payroll.

SJD was already alluding to problems on Twitter last week, characterising them as a “system outage” which it was trying to “resolve”:

SJD Accountancy told The Reg in a statement about the cyber security incident: “Our security partner and internal team identified the malicious activity very quickly and we are carrying out an extensive forensic exercise into this incident. We are working with a team of IT experts to ensure we get back to normal operations as quickly as possible and we have informed the relevant authorities.”

Customers took to Twitter, as usual in this day and age, to complain about the effects of the attack.

SJD was set up by notable UK anti-vaccine activist Simon Dolan in 1997 and the Optionis Group snapped it up in September 2014 for a reported £67m.

As for parent firm Optionis Ltd, its accounts made up to 31 October 2020 [PDF], filed in July 2021, revealed that its companies providing umbrella contracting services accounted for £402.8m out of the group’s total annual revenues of £435.8m.

Ian Thornton-Trump, CISO of infosec firm Cyjax, told The Register the communications were reminiscent of those seen in a ransomware attack: “This is a classic ransomware experience of SMEs in the UK. It happens and the guise of ‘maintenance’ turns into ‘investigation’ which turns into ‘security incident’.

“What is required is a clear explanation and a plan of when normal business operations may be restored.” ®