The U.S. Federal Bureau of Investigation (FBI) has warned of a rise in ATM jackpotting incidents across the country, resulting in losses of more than $20 million in 2025.
The agency said 1,900 ATM jackpotting incidents have been reported since 2020, out of which 700 happened last year. In December 2025, the U.S. Department of Justice (DoJ) said about $40.73 million has been collectively lost to jackpotting attacks since 2021.
“Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a legitimate transaction,” the FBI said in a Thursday bulletin.
The jackpotting attacks involve the use of specialized malware, such as Ploutus, to infect ATMs and force them to dispense cash. In most cases, cybercriminals have been observed gaining unauthorized access to the machines by opening an ATM face with widely available generic keys.
There are at least two different ways in which the malware is deployed. In the first, the attackers remove the ATM's hard drive, connect it to their own computer, copy the malware onto it, attach it back to the ATM, and reboot the ATM. In the second, they replace the drive entirely with a foreign hard drive preloaded with the malware and reboot the ATM.
Regardless of the method used, the end result is the same. The malware is designed to interact directly with the ATM hardware, thereby getting around any security controls present in the original ATM software.
Because the malware does not require a connection to an actual bank card or customer account to dispense cash, it can be used against ATMs of different manufacturers with little to no code changes, as the underlying Windows operating system is exploited during the attack.
Ploutus was first observed in Mexico in 2013. Once installed, it grants threat actors full control over an ATM, enabling them to trigger cash-outs that the FBI said can occur in minutes and are harder to detect until after the money is withdrawn.
“Ploutus malware exploits the eXtensions for Financial Services (XFS), the layer of software that instructs an ATM what to physically do,” the FBI explained.
“When a legitimate transaction occurs, the ATM application sends instructions through XFS for bank authorization. If a threat actor can issue their own commands to XFS, they can bypass bank authorization entirely and instruct the ATM to dispense cash on demand.”
The agency has outlined a long list of recommendations that organizations can adopt to mitigate jackpotting risks. This includes tightening physical security by installing threat sensors, setting up security cameras, and changing standard locks on ATM devices.
Other measures involve auditing ATM devices, changing default credentials, configuring an automatic shutdown mode once indicators of compromise are detected, enforcing device allowlisting to prevent connection of unauthorized devices, and maintaining logs.
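The FBI's point that jackpotting dispenses cash with no bank authorization, combined with the allowlisting and automatic-shutdown recommendations, can be expressed as a reconciliation check over ATM journal events. The following is an added example, not code from the FBI bulletin or any ATM vendor; the event schema, field names, disk serials and 60-second window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed values for this sketch: serials of drives provisioned for this ATM,
# and how long a host approval stays valid for the dispense that follows it.
ALLOWED_DISK_SERIALS = {"DISK-PROVISIONED-0001"}
AUTH_WINDOW = timedelta(seconds=60)

# Constructed journal (hypothetical schema): one normal withdrawal, then a
# boot from an unlisted drive followed by dispenses with no host approval.
SAMPLE_EVENTS = [
    {"ts": "2025-03-01T10:00:00", "type": "host_auth", "txn": "T1", "approved": True, "amount": 100},
    {"ts": "2025-03-01T10:00:05", "type": "dispense", "txn": "T1", "amount": 100},
    {"ts": "2025-03-01T23:52:00", "type": "boot", "disk_serial": "DISK-UNKNOWN-9999"},
    {"ts": "2025-03-01T23:55:00", "type": "dispense", "txn": None, "amount": 2000},
    {"ts": "2025-03-01T23:55:30", "type": "dispense", "txn": None, "amount": 2000},
]

def find_indicators(events):
    """Return (timestamp, indicator) pairs for jackpotting-style anomalies."""
    approvals = {}  # txn id -> (approval time, approved amount); single use
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "host_auth" and ev.get("approved"):
            approvals[ev["txn"]] = (ts, ev["amount"])
        elif ev["type"] == "boot" and ev.get("disk_serial") not in ALLOWED_DISK_SERIALS:
            # Drive swapped or replaced: serial is not on the allowlist.
            findings.append((ev["ts"], "unlisted_disk"))
        elif ev["type"] == "dispense":
            # Each dispense must consume a fresh approval that covers its amount.
            auth = approvals.pop(ev.get("txn"), None)
            if auth is None or ts - auth[0] > AUTH_WINDOW or ev["amount"] > auth[1]:
                findings.append((ev["ts"], "dispense_without_authorization"))
    return findings

def should_shut_down(events):
    """Automatic out-of-service decision: any indicator takes the ATM offline."""
    return bool(find_indicators(events))

if __name__ == "__main__":
    for ts, indicator in find_indicators(SAMPLE_EVENTS):
        print(ts, indicator)
    print("shut down:", should_shut_down(SAMPLE_EVENTS))
```

Because the malware talks to the hardware directly, this kind of check is only useful when it runs somewhere the ATM's own software cannot silence it, such as a monitoring host that receives dispenser and boot telemetry.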