There are too many ransomware attacks to ignore the similarities. It’s either government networks are easy prey, or someone is trying to cash out on the U.S., one attack at a time.

Riviera Beach, Lake City, Baltimore, and Key Biscayne – all of these local governments have been the target of ransomware attacks over the last few months. With payouts as high as $500,000, a single attack can drain a city’s reserves quickly.

And it’s not just city governments that are under attack. Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, testified before the congressional subcommittee on Homeland Security last month, stating that all levels of government are targets of attack, “from relatively robust states to major metropolitan areas to smaller cities and counties.”

In addition, municipalities were added to Cilluffo’s list: “Targets include police and sheriff departments, schools and libraries, health agencies, transit systems, and courts … no jurisdiction is too small or too large,” he said.

The question is whether these are all part of a coordinated effort by a foreign nation-state, such as Iran, Russia, China, or North Korea. Even if they’re not, the best case scenario is that governments and municipalities are seen as easy targets – something the successful attacks we’ve all seen in the news is proving to be true.

In either case, organizations need to prepare with a layered security approach that includes Security Awareness Trainingto stop phishing attacks aimed at tricking users into clicking on malicious attachments and links. With the stakes so high for local governments and municipalities, it’s imperative that security efforts be strengthened – including the user themselves – to avoid becoming a victim of attacks that have proven to be far too costly.