In March of this year, Atlanta was hit with a crippling cyberattack from which it is still trying to recover. Shortly thereafter, Baltimore’s 9-1-1 system was hit. Now, it seems, those cyberattacks were the early beginnings of hackers targeting towns across the United States.

“We’re right at the front end of this,” Marshall Davies, executive director of the Public Risk Management Association in Alexandria Virginia, told The Wall Street Journal. According to Davies, hackers are now turning to public entities after years of going after businesses.

Referencing research company Ponemon Institute, The Wall Street Journal reports that cyberattacks seem to be growing faster in the public sector, versus the private sector. “Ponemon estimates 38% of the public entities it samples will suffer a ransomware attack this year, based on reports through May, up from 31% last year and 13% in 2016,” writes The Wall Street Journal.

These types of attacks hit communities hard because local governments are often already strapped for cash. Add to that the pressure to get things up and running again, with clean-up and recovery costs and investment in system upgrades, and it’s easy to see why some municipalities might be tempted to pay the ransom to make the problem go away.

When Rockport Maine was hit with a ransomware attack on Friday, April 13, town officials were unable to open files on their computers. The hackers wanted $1,200 in Bitcoin to restore the files–a cost that one town official thought was nominal enough.

But, the FBI and other cybersecurity experts advise against paying ransom. The reason: It’s not a guaranteed remedy and it can make you a more likely target in the future.

Heeding that expert advice, Rockport did not pay the hackers. Instead, files were recovered from a backup server and the town was back in action a week later. All told, the recovery costs amounted to about $40,000, including restoration work, security improvements, and a cloud-based backup system.

It seems cybercriminals go for the low-hanging fruit–seeking out wherever the vulnerabilities exists.

Get the full story at The Wall Street Journal.