It was another big year for ransomware, the extremely profitable style of cyberattack in which computer systems and data are taken over by hackers and held hostage until the victim hands over a payoff.

In 2019, these attacks wreaked havoc around the globe, earned criminals vast sums, and even occasionally provided a weapon for government hackers. This marked the fifth straight year of growth, with national and local governments and public institutions increasingly becoming targets.

The money: The potential cost of ransomware in the United States last year was over $7.5 billion, according to a recent report from the cybersecurity firm Emisoft that attempted to estimate the impact of a very opaque set of incidents.

The victims: Emisoft tallied up 113 governments and agencies, 764 health-care providers, and up to 1,233 individual schools affected by ransomware in America. Big cities including Baltimore and New Orleans were both struck by ransomware attacks last year.

The why: One root cause, according to an October 2019 report from the State Auditor of Mississippi, is a “disregard for cybersecurity in state government.” Others agree: Research from the University of Maryland published earlier in the year concluded with admirable directness “that most American local governments do a poor job practicing cybersecurity.”

This isn’t a problem just for small towns and their ill-equipped agencies. Last month, a US Coast Guard facility was forced offline for over 30 hours when ransomware hit the base's cameras, access systems, and critical monitoring systems, the BBC reported.