The March 22 ransomware attack on Atlanta, Georgia, could cost the city an additional $9.5 million in recovery funds, Reuters reports.

Why it matters: That’s likely not the final number of how much the cyberattack will cost the city. Although Atlanta’s administration hasn’t revealed a lot about the scope of the impact from the hack, we now know the cyberattack’s reach was larger than previously known, according to Atlantas’s Information Management head, Daphne Rackley, who said the list of what was affected is "growing every day." And the administrators are still working out total costs.

The impact: More than a third of the Atlanta’s 424 software programs are disabled, and some are mission critical, meaning they impact the city’s core functions. Police have lost records of dash cam footage and courts have lost decades of legal documents.

The big picture: Ransomware hacks are not showing signs of stopping any time soon. If states already strapped for cash become targets for similar attacks, this will become a very expensive ordeal — even if cities don't pay the ransom to gain back access to files or systems it was shut out of during the hack.

What to do: Many experts do not recommend cities pay ransoms in ransomware hacks since cities could still dish out potentially thousands of dollars and still be stuck in the hack. Updating software and not clicking on links in emails, or visiting suspicious web sites could prevent ransomware hacks from starting in the first place.