FBI Warns of Rising ATM Jackpotting Attacks, $20M Lost in 2025
scsecFebruary 22, 20261 Mins read 
The FBI has reported a significant rise in ATM jackpotting attacks across the United States, resulting in losses of over $20 million in 2025 alone. Since 2020, approximately 1,900 incidents have been recorded, with 700 occurring last year. According to the U.S. Department of Justice, total losses from jackpotting attacks since 2021 have reached about $40.73 million.
ATM jackpotting involves exploiting both physical and software vulnerabilities to dispense cash without a legitimate transaction. Cybercriminals often use malware, such as Ploutus, which interacts directly with ATM hardware and bypasses bank authorization systems. Attackers typically gain access to the ATM by opening the machine with generic keys, then deploy the malware by either removing the hard drive, copying the malicious software, and reinstalling it, or by replacing the hard drive entirely with a preloaded version.
The malware does not require a connection to an actual bank card or account, allowing it to work across ATMs from multiple manufacturers with minimal changes. Ploutus, first identified in Mexico in 2013, leverages the eXtensions for Financial Services (XFS) layer of ATM software. This allows attackers to issue commands directly to the ATM hardware, bypassing authorization processes and triggering cash dispensing in minutes, often without detection until after the theft occurs.
The FBI has recommended multiple steps to mitigate jackpotting risks, including:
- Enhancing physical security with sensors and cameras
- Replacing standard ATM locks with secure alternatives
- Auditing ATM devices and changing default credentials
- Enabling automatic shutdown if compromise indicators are detected
- Enforcing device allowlisting to prevent unauthorized hardware connections
- Maintaining detailed logs for security monitoring
These measures are critical for financial institutions to reduce the risk of ATM jackpotting attacks and protect customer funds.
1 Comment
Leave a Reply to scsec Cancel reply
Related Articles
Outdated Systems and Vulnerable Apps Leave Most Enterprises Exposed to Cyberattacks
A recent security analysis highlights a widespread problem in enterprise environments: many...
APT28 Turns Vulnerable Routers into a Global DNS Hijacking and Espionage Network
A Russia-linked cyber espionage group, widely tracked as APT28, has been connected...
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure via PLC Attacks
Iran-Linked Hackers Target U.S. Critical Infrastructure via Internet-Exposed PLCs Iran-affiliated cyber actors...
Cybercrime, FBI IC3, Investment Fraud, Ransomware, Cryptocurrency Scams
FBI Reports Cybercrime Losses Nearly $21 Billion in 2025 The FBI’s Internet...
The rise in ATM jackpotting attacks shows how cybercriminals are combining physical access with malware to bypass traditional banking security. Financial institutions should strengthen both physical and software defenses, including monitoring, device allowlisting, and automatic shutdowns, to prevent losses and protect customer funds.