FBI Issues Stark Warning: ATM Jackpotting Attacks Skyrocket, Millions Lost
- John Jordan

The Federal Bureau of Investigation (FBI) has issued a critical cybersecurity alert regarding a significant surge in ATM jackpotting attacks across the United States. These sophisticated cybercrimes involve hackers using malware to force ATMs to dispense cash without authorization, leading to substantial financial losses for financial institutions. The trend highlights growing vulnerabilities in aging ATM systems.
Key Takeaways
- The FBI has reported a sharp increase in ATM jackpotting attacks nationwide.
- Since 2020, nearly 1,900 attacks have been recorded, with losses exceeding $20 million in 2025 alone.
- Hackers exploit physical and software vulnerabilities, often targeting older Windows operating systems within ATMs.
- Malware like Ploutus is used to override transaction processes and force cash dispensing.
- While consumer accounts are not directly targeted, the financial impact can trickle down to customers through increased fees and reduced services.
How ATM Jackpotting Works
ATM jackpotting attacks typically involve criminals gaining physical access to an ATM's maintenance cabinet. Once inside, they can remove the storage drive and load it with malicious software, or swap it with a compromised drive. After the machine reboots, the malware, such as the widely used Ploutus strain, takes control. This malware targets the XFS (eXtensions for Financial Services) software, which ATMs use to communicate with banks. Instead of authorizing a legitimate transaction, the malware sends direct commands to the ATM, forcing it to dispense cash from its vault without requiring a card or PIN.
Vulnerabilities in ATM Systems
A primary reason for the escalating threat is that many ATMs still rely on outdated operating systems, including older versions of Windows. Some machines have been observed running systems like Windows 7, which has been officially discontinued for years. These aging systems often contain exploitable vulnerabilities that attackers can leverage across various ATM brands and financial networks, because the attacks are tied not to specific manufacturers but to common system weaknesses.
FBI's Recommended Defenses for Institutions
The FBI has advised financial institutions to implement several defensive measures, including:
- Monitoring ATMs for unauthorized files and suspicious activity.
- Disabling USB ports to prevent malware insertion.
- Replacing generic locks with more secure keypad systems.
- Implementing secondary alarms and enhanced physical security measures.
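As an added illustration of the first recommendation (this is not code from the FBI alert or from any ATM vendor), the Python example below flags the pattern described under How ATM Jackpotting Works: cash dispensed with no preceding card/PIN authorization, escalated when a cabinet opening or reboot happened shortly before. The log format, event names, ATM IDs and time windows are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample journal in a hypothetical "time|atm|event|detail" format.
SAMPLE_LOG = """\
2025-03-01T02:10:05|ATM-017|CABINET_OPEN|top_hat
2025-03-01T02:14:40|ATM-017|REBOOT|unscheduled
2025-03-01T02:19:12|ATM-017|DISPENSE|amount=400
2025-03-01T02:19:55|ATM-017|DISPENSE|amount=400
2025-03-01T09:30:00|ATM-022|CARD_AUTH|txn=88121
2025-03-01T09:30:20|ATM-022|DISPENSE|amount=60
2025-03-01T11:00:00|ATM-031|REBOOT|scheduled
2025-03-01T11:05:00|ATM-031|CARD_AUTH|txn=88200
2025-03-01T11:05:15|ATM-031|DISPENSE|amount=100
"""

AUTH_WINDOW = timedelta(seconds=90)    # assumed max gap between card/PIN auth and dispense
TAMPER_WINDOW = timedelta(minutes=30)  # assumed look-back for cabinet-open / reboot events

def parse(log):
    """Yield (time, atm, event, detail) tuples from the pipe-delimited journal."""
    for line in log.strip().splitlines():
        ts, atm, event, detail = line.split("|", 3)
        yield datetime.fromisoformat(ts), atm, event, detail

def find_unauthorized_dispenses(log):
    """Return one alert per dispense that has no fresh card/PIN authorization."""
    last = {}    # (atm, event) -> time the event was last seen
    alerts = []
    for ts, atm, event, detail in sorted(parse(log)):
        if event != "DISPENSE":
            last[(atm, event)] = ts
            continue
        # Each authorization covers a single dispense, so consume it here.
        auth = last.pop((atm, "CARD_AUTH"), None)
        if auth is not None and ts - auth <= AUTH_WINDOW:
            continue
        # Physical-access or reboot events shortly before raise the severity.
        context = [e for e in ("CABINET_OPEN", "REBOOT")
                   if (atm, e) in last and ts - last[(atm, e)] <= TAMPER_WINDOW]
        alerts.append({"atm": atm, "time": ts.isoformat(), "detail": detail,
                       "severity": "critical" if context else "high",
                       "preceded_by": context})
    return alerts

if __name__ == "__main__":
    for alert in find_unauthorized_dispenses(SAMPLE_LOG):
        print(alert)
```

On the constructed journal, only the two dispenses at ATM-017 are reported; the scheduled reboot at ATM-031 raises nothing because its dispense follows a card authorization.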
The Impact on Consumers
While ATM jackpotting directly targets financial institutions rather than individual customer accounts, the financial repercussions can indirectly affect consumers. Losses incurred by banks may eventually be passed on through increased ATM fees, higher account charges, or stricter banking policies. Additionally, affected ATMs may be taken offline for repairs, reducing cash accessibility, and the rise in such attacks can signal broader criminal activity in an area.
Protecting Yourself at the ATM
Even though consumers are not the direct targets, taking precautions when using ATMs is advisable:
- Use ATMs in well-lit, secure, and busy locations.
- Avoid isolated ATMs, especially during late hours.
- Be vigilant for any unusual ATM behavior, such as reboots or freezes.
- Inspect the machine for signs of tampering, like loose panels or unusual attachments.
- Always cover the keypad when entering your PIN.
- Enable real-time transaction alerts from your bank.
- Regularly review your bank statements for any discrepancies.
- Consider identity theft monitoring services for an extra layer of security.
- Utilize contactless or in-app ATM withdrawal options when available.
- Keep your mobile banking applications updated with the latest security patches.
