FBI Warns of Rising ATM Jackpotting Attacks, $20M Lost in 2025
scsecFebruary 22, 20261 Mins read 
The FBI has reported a significant rise in ATM jackpotting attacks across the United States, resulting in losses of over $20 million in 2025 alone. Since 2020, approximately 1,900 incidents have been recorded, with 700 occurring last year. According to the U.S. Department of Justice, total losses from jackpotting attacks since 2021 have reached about $40.73 million.
ATM jackpotting involves exploiting both physical and software vulnerabilities to dispense cash without a legitimate transaction. Cybercriminals often use malware, such as Ploutus, which interacts directly with ATM hardware and bypasses bank authorization systems. Attackers typically gain access to the ATM by opening the machine with generic keys, then deploy the malware by either removing the hard drive, copying the malicious software, and reinstalling it, or by replacing the hard drive entirely with a preloaded version.
The malware does not require a connection to an actual bank card or account, allowing it to work across ATMs from multiple manufacturers with minimal changes. Ploutus, first identified in Mexico in 2013, leverages the eXtensions for Financial Services (XFS) layer of ATM software. This allows attackers to issue commands directly to the ATM hardware, bypassing authorization processes and triggering cash dispensing in minutes, often without detection until after the theft occurs.
The FBI has recommended multiple steps to mitigate jackpotting risks, including:
- Enhancing physical security with sensors and cameras
- Replacing standard ATM locks with secure alternatives
- Auditing ATM devices and changing default credentials
- Enabling automatic shutdown if compromise indicators are detected
- Enforcing device allowlisting to prevent unauthorized hardware connections
- Maintaining detailed logs for security monitoring
These measures are critical for financial institutions to reduce the risk of ATM jackpotting attacks and protect customer funds.
1 Comment
Leave a Reply
Related Articles
BlackBerry Report: Governments Rely on WhatsApp Despite Widespread Misunderstanding of Messaging Security
A new report from BlackBerry Secure Communications highlights widespread confusion among government...
UK Opens Formal Investigation Into Telegram Over CSAM and Child Safety Compliance Concerns
The United Kingdom’s communications regulator, Ofcom, has launched a formal investigation into...
Over 1,500 Perforce Servers Still Expose Sensitive Source Code and Critical Data to Attackers
Thousands of internet-facing Perforce P4 servers are still exposing sensitive data due...
NGate Malware Hijacks NFC Payments on Android to Steal Card Data
A newly discovered variant of the NGate Android malware is targeting users...
The rise in ATM jackpotting attacks shows how cybercriminals are combining physical access with malware to bypass traditional banking security. Financial institutions should strengthen both physical and software defenses, including monitoring, device allowlisting, and automatic shutdowns, to prevent losses and protect customer funds.