Ransomware has no shortage of cautionary tales and wake-up calls from the past decade. But for local governments, this past year has been a particularly brutal reminder of the threat. Following a 2018 attack that paralyzed the City of Atlanta for weeks, more than half a dozen cities and public services across the country have fallen to ransomware so far in 2019, on a near-monthly basis; the Administrative Office of the Georgia Courts became the latest victim on Saturday, when an attack knocked its systems offline.

The string of attacks on municipalities may seem like a new pattern. But it’s unclear how many of them, if any, were perpetrated by the same actors. And law enforcement officials emphasize that the spate of attacks actually fits into a broader, ever-growing trend of ransomware attacks that spans numerous industry sectors.

"We are seeing an increase in targeted ransomware attacks; however, we do not have enough data to indicate one industry or sector is being targeted more than another," the FBI told WIRED in a statement. "Cyber criminals are opportunistic. They will monetize any network to the fullest extent."

Incident responders agree with this assessment and note that attackers will capitalize on any technique that sees some success, to infect as many targets as possible and maximize the possibility of return.

"There’s definitely an increase or uptick in the amount of ransomware campaigns that we’re seeing out there, but it’s not specific to municipalities or state or federal organizations, it’s just pretty much across the board in every industry vertical," says David Kennedy, CEO of the penetration testing and incident response consultancy TrustedSec. "We’re working seven consecutive ransomware attacks right now—a couple of manufacturing, a couple of credit unions, and one local type of government incident."

One thing that does set cities and municipalities apart is that they are more likely to publicly disclose attacks and the ransom amounts criminals are seeking, because the attacks often disrupt public systems. Where organizations like businesses and hospitals sometimes have more leeway to work behind closed doors, attacks on government entities can be more immediately visible. And whether a local government is going to rebuild from an attack on its own or pay the ransom, money to respond comes from public funds or through a municipality's cybersecurity insurance. And lately, some municipalities have been very vocally coughing up the cash to hackers.

In March, ransomware hit the court system in rural Jackson County, Georgia, between Atlanta and Athens. Jackson County paid attackers $400,000. And throughout June, three Florida municipalities—Key Biscayne, Lake City, and Riviera Beach—were hit with ransomware. Lake City paid 42 bitcoin (almost $500,000) to attackers, and Riviera Beach paid 65 bitcoin (almost $600,000).

"While the size of recent payouts is certainly not groundbreaking, publicly reporting on them is," says Jake Williams, founder of the Georgia-based security firm Rendition Infosec. "There are tons of targets out there, and most of them don't realize they have the exposure. I've never worked a ransomware case where a victim said 'we realized this could happen to us but were playing the odds it wouldn't.' Most of them have heard of ransomware but fail to realize they have an exposure."

Desperate organizations have long paid ransoms as a sort of last-ditch, dirty secret when they don't think they can recover any other way. But incident responders suggest that the recent disclosures may only further fuel attackers' enthusiasm to hit as many local-level government targets as possible. In April, ransomware struck email and baggage systems at Cleveland Hopkins International Airport. In May, Baltimore City was crippled by ransomware, as was the Philadelphia Courts First Judicial District.