FBI Issues Warning on Rising ATM Jackpotting Incidents
The Federal Bureau of Investigation (FBI) has recently alerted the public about a troubling surge in ATM jackpotting incidents across the United States. This warning is particularly significant given the rapid increase in attacks targeting ATMs over the last few years.
The Scope of the Problem
Since 2020, there have been over 1,900 reported cases of ATM jackpotting incidents, with more than 700 of those occurring just in 2025. The financial ramifications are substantial, with losses surpassing $20 million. Unlike traditional forms of banking fraud that target customer accounts, these attacks circumvent those entirely, allowing attackers to access cash in a matter of minutes.
The Role of Ploutus Malware
One of the primary facilitators behind this wave of attacks is malware from the Ploutus family. This specific type of malware is designed to exploit vulnerabilities in the eXtensions for Financial Services (XFS) software layer, integral to the operation of ATM hardware. Once the Ploutus malware is introduced into the system, it enables the perpetrator to send commands directly to the cash dispensing unit, effectively overriding bank authorization protocols.
Security experts have highlighted that Ploutus is one of the most sophisticated forms of ATM malware identified in recent financial cybercrime trends. First discovered in 2013 by Symantec, its original targets were large-scale operations in Mexico, but it has since evolved, now affecting systems from a variety of ATM manufacturers, including Diebold Nixdorf.
The FBI points out that such attacks are especially concerning as they tend to focus on manipulating ATM hardware rather than breaching bank networks. This makes detection through standard cybersecurity methods considerably more challenging.
Physical Access: A Critical Vulnerability
A particularly alarming detail from the FBI’s advisory is the reliance on physical access for many of these attacks. Cybercriminals often employ a range of tactics to gain entry, including:
- Opening ATM panels with generic keys easily available online.
- Swapping out hard drives with tampered versions.
- Connecting external devices, such as USB sticks or keyboards.
Given that many ATMs operate on Windows-based systems, attackers can easily run harmful files after gaining physical entry.
The FBI has also identified several signs of compromise that may indicate malware presence, such as unauthorized remote access applications like AnyDesk or TeamViewer, alongside suspicious executable files loaded onto ATM systems. This emphasizes that while digital security measures are important, robust physical defenses are equally critical.
Organized Crime and ATM Jackpotting
The FBI’s warning comes on the heels of a significant indictment by the U.S. Department of Justice, which charged several individuals involved in a coordinated scheme targeting credit union ATMs. Investigators revealed that from February 2024 to December 2025, attackers managed to steal at least $5.4 million across 63 ATM machines, while an additional $1.4 million in theft attempts was thwarted.
The investigative report highlighted that these criminals often scout ATM locations ahead of time, assessing security systems prior to implementing their malware attacks. One incident in Kearney, Nebraska, reportedly led to a loss of nearly $300,000 for a credit union.
These developments indicate that ATM jackpotting is no longer an isolated cybercrime but rather part of larger organized financial crime networks.
Strengthening Security Measures is Imperative
In light of the rising number of ATM jackpotting incidents, the FBI has urged financial institutions to bolster both their physical and technical defenses. Recommended strategies include:
- Implementing hardware monitoring and device whitelisting.
- Employing disk encryption and maintaining meticulous audit logs.
- Establishing a verified “gold image” baseline for ATM software to enable quick detection of unauthorized modifications.
As cybercriminals continue to refine their strategies by targeting these less-protected endpoints, financial institutions must realize that ATM security is not merely an operational issue; it is now a pressing cybersecurity concern. Addressing physical vulnerabilities, alongside enhancing digital security protocols, will be essential in combating this evolving threat.
