Large companies in France are increasingly the targets of cyber attackers who lock up data and demand a ransom, but often refrain from reporting the assaults for fear of hurting their image, according to the French Interior ministry.

Attackers changed strategy in the second half of 2018, ditching smaller companies to go after big corporations, sometimes strategic or vital to the nation’s economy, the ministry said on Tuesday in its 2019 cyber threats report. The trend accelerated this year.

“We can’t exclude that the aim could be destabilization and spying, not just financial gain,” said Colonel Philippe Baudoin, head of the Interior Ministry office tasked with fighting cyber threats, in an interview. He declined to name states or nations that could be responsible. “The line between state-sponsored, state-backed and plain criminality is more and more porous,” he said.

Companies such as Altran SA and Fleury Michon SA are among the few known to have reported incidents in France.

“Attackers are seeking ransom as high as several million euros, and some companies are paying,” Baudoin said, declining to provide further information. “We are strongly encouraging the companies to file complaints.”

Big companies often have better security systems than smaller ones, and attackers have used trusted suppliers to lodge their software, he said. French law enforcement says the Ryuk and the LockerGoga type ransomwares are being used.

In ransomware attacks, a rogue agent takes advantage of malicious software present on a company’s computer system to render it useless until a ransom is paid. Hackers encrypt files, change passwords, and log off users.