Jackpotting America: How Cybercriminals Are Draining ATMs in Minutes

In the dead of night, a nondescript figure approaches a seemingly ordinary ATM in a quiet American suburb. Within minutes, the machine begins to spit out stacks of cash - no cards, no PINs, just a well-rehearsed digital heist. This isn’t a scene from a Hollywood thriller; it’s the new reality of “ATM jackpotting,” and according to the FBI, it’s sweeping across the United States with alarming speed and sophistication.

Fast Facts

• Over 700 ATM jackpotting attacks in the U.S. in 2025 alone, netting at least $20 million.
• The Ploutus malware family is the tool of choice for many cybercriminals targeting ATMs.
• Attackers exploit both physical and digital vulnerabilities to access and control ATMs.
• Victims are primarily banks and ATM operators - not individual account holders.
• The FBI urges financial institutions to ramp up their cyber defenses immediately.

America’s ATMs Under Siege: The Mechanics of Jackpotting

The Federal Bureau of Investigation recently sounded the alarm: ATM jackpotting isn’t just on the rise - it’s become one of the most lucrative cybercriminal ventures in the nation. In a newly released report, the FBI revealed that out of 1,900 reported ATM jackpotting incidents since 2020, more than 700 occurred in 2025 alone, resulting in losses that have already surpassed $20 million. The agency describes the threat as a hybrid of physical and cyber crime, with attackers combining old-school hardware tampering with cutting-edge malware.

At the center of this crime wave is Ploutus - a notorious malware strain first identified in 2013. Ploutus allows hackers to override an ATM’s normal operations, turning it into a cash-dispensing puppet. The attack typically begins with physical access: criminals open the ATM, insert a malicious boot disk via the CD-ROM drive, and connect an external keyboard. With a sequence of keystrokes - F8 to activate the malware’s hidden interface, F3 to trigger a cash-out - the machine is under their command.

What makes Ploutus particularly dangerous is its ability to exploit the ATM’s XFS (Extensions for Financial Services) software, which manages communication between the machine’s hardware components (like the PIN pad, card reader, and cash dispenser). By hijacking this software, attackers can command the ATM to dispense money rapidly, often draining reserves in minutes. Crucially, these attacks target the cash in the ATM itself, not the accounts of individual customers.

The FBI’s report warns that a blend of new hacking techniques and easy-to-access ATM hardware has multiplied the chances of successful heists. Many of these attacks remain undetected until after the cash is gone, making them especially difficult to prevent or investigate after the fact.

Conclusion

The surge in ATM jackpotting is a stark reminder that cybercrime is evolving as quickly as the technology it exploits. With millions already lost and the threat showing no signs of slowing, banks and ATM operators are under pressure to harden their defenses. For now, the battle for America’s cash machines is being fought in the shadows - one malware-laced boot disk at a time.

WIKICROOK

• ATM Jackpotting: ATM jackpotting is a cyberattack where criminals force ATMs to dispense cash illegally by exploiting software or hardware vulnerabilities.
• Ploutus: Ploutus is advanced ATM malware that enables attackers to dispense cash and erase evidence, posing a major threat to financial institutions.
• XFS (Extensions for Financial Services): XFS is a software framework that standardizes communication between ATMs and banking systems, enabling secure and efficient device integration for banks.
• Malware: Il malware è un software dannoso progettato per infiltrarsi, danneggiare o rubare dati da dispositivi informatici senza il consenso dell’utente.
• Boot Disk: A boot disk is a removable device used to start a computer or ATM, often for recovery, troubleshooting, or secure software installation.