
FirstFreelance Hacked Too


    #21
    Originally posted by eek View Post

    30 seconds of research

    Ultimate owner of Brookson is Riverside Partners

    Ultimate owner of Optionis are Sovereign Capital Partners Llp

    so completely different.
    Both PE investments from the looks of it



      #22
      Originally posted by Lance View Post

      Occam's razor would suggest ransomware though. And they have shut down/disconnected all other systems to prevent destruction of more information whilst they isolate it. **** the punters for now, they just want to avoid a huge Bitcoin bill.
      Too late for that?
      Public Service Posting by the BBC - Bloggs Bulls**t Corp.
      Officially CUK certified - Thick as f**k.



        #23
        Originally posted by Lance View Post

        Occam's razor would suggest ransomware though. And they have shut down/disconnected all other systems to prevent destruction of more information whilst they isolate it. **** the punters for now, they just want to avoid a huge Bitcoin bill.
        Yes, I suggested ransomware when the first Umbrella got taken down. It can be both. Log4J vulnerability to get access, then inject ransomware.



          #24
          Originally posted by Fred Bloggs View Post

          Too late for that?
          Depends how much was encrypted before they spotted it. And depends how good their backups are or whether the backups got hosed first (common tactic).
          I guess we won’t find out unless they go bankrupt and the administrators make it public knowledge. Which is quite probable if they’re owned by a hedge fund.
          Glad I’m not with them. Glad I completed my SATR already.
          Really glad I left them about 6 years ago when I had some benchtime.
          See You Next Tuesday



            #25
            SJD Online was also using PHP 5.3, which was EOL'd hundreds of years ago by now and suggests they aren't even bothering to keep their systems up to date.

            I'm not saying they got hacked this way, but stuff like this is always a symptom of poor practice.



              #26
              Also I'd like to point out FirstFreelance's address on that contact page is the exact same one as SJD's in Hemel Hempstead.



                #27
                https://www.theregister.com/2022/02/..._vice_society/

                Confirmation of personal data from the Optionis hack being spilled over a TOR marketplace and/or onion site.



                  #28
                  It also looks like SJD online (online.sjdaccountancy.com) is 'back', sort of. I was in the process of moving from them anyway but this obviously sealed the deal.

                  All transactions that were there before it went offline, are still there. So if it was ransomware then it was a very current backup they were able to restore from at least.



                    #29
                    Originally posted by Flashback View Post
                    It also looks like SJD online (online.sjdaccountancy.com) is 'back', sort of. I was in the process of moving from them anyway but this obviously sealed the deal.

                    All transactions that were there before it went offline, are still there. So if it was ransomware then it was a very current backup they were able to restore from at least.
                    Ransomware goes for files on file systems (desktop and servers). Not web apps.
                    We know it was ransomware, and we know the group that did it.

                    I speculate that the reason their web apps were down was because IT pulled the plug to limit damage. That is a standard incident response to ransomware.
                    And once they had identified and removed all ransomware they turned systems back on.
                    See You Next Tuesday
