Businesses around the world are reeling from “Petya,” the latest global ransomware attack, which reached at least 80 large companies and thousands of computers on Tuesday.
The Petya ransomware attacked networks that use Microsoft Windows, exploiting a vulnerability in its software, similar to how the WannaCry virus infected systems just weeks ago, The Guardian reported.
But while big companies suffered, small-to-medium-sized businesses are even more vulnerable to these kinds of attacks because of their limited financial resources.
With less money comes less robust security infrastructure, experts have said.
“A lot of enterprises have enterprise tools that they can use to readily patch all their systems in a timely manner,” said Razmik Ghanaghounian, a senior IR analyst from IBM’s Incident Response and Intelligence Services team.
“Those smaller companies don’t have the necessary skill-sets, resources or the financial costs associated with implementing great infrastructure or support.”
And because of these security discrepancies, smaller businesses may have a harder time recovering after being hit by a widespread ransomware attack, Ghanaghounian added.
Large businesses will often have whole teams of employees dedicated to monitoring its systems for security flaws and immediately addressing any vulnerabilities, said Kurt Roemer, chief security strategist for Citrix.
Small businesses, he said, likely don’t have that luxury.
“Many small businesses might hire a consultant who does security as a percentage of what they contribute but definitely doesn’t have those resources behind them,” Roemer said.
Businesses that patched their systems since then were likely protected from the most recent attacks, Ghanaghounian and Roemer said.
“Microsoft would have released the updates that would have prevented this attack in March. These are definitely preventable events,” Roemer explained.
Since Petya made headlines on Tuesday, experts have questioned whether data destruction was its true goal, rather than ransom money.
According to Roemer, the email provided by the attackers to those affected was disconnected by the ISP that was hosting the email address, cutting off all communication.