The Federal Bureau of Investigation (FBI), the principal law enforcement agency of the United States, has issued a formal warning that ATM “jackpotting” attacks have surged significantly in 2025. According to official data, more than 700 such cases were reported across the country last year alone, indicating a troubling rise in organized financial cybercrime targeting banking infrastructure.
Estimates prepared by FBI researchers reveal the financial impact has been substantial. Since 2020, criminals have fraudulently extracted more than $20 million through these schemes. Alarmingly, over $12 million of those losses occurred in 2025 alone, highlighting how rapidly the threat has escalated in both frequency and severity.
ATM jackpotting is a sophisticated form of cyberattack in which criminals exploit both physical and software vulnerabilities within automated teller machines. By breaching the machine’s security systems, attackers install malicious software that forces the ATM to dispense cash on command—without authorization from the bank and, in many cases, without the institution’s immediate knowledge. Unlike traditional bank fraud, this method directly manipulates the machine itself rather than customer accounts.
The attack typically requires physical access to the ATM. Criminals open the machine’s cabinet to access its internal computer system, often targeting the hard drive. They either install malware onto the existing system or replace the hard drive entirely with one that has been preloaded with jackpotting software. Once activated, the malware allows attackers to trigger large cash withdrawals at will. In more advanced cases, the malicious code can spread across connected ATM networks, infecting multiple machines and amplifying the damage.
One of the most commonly associated tools in these operations is Ploutus malware, a strain specifically designed to target ATM systems. Ploutus enables attackers to control cash dispensing functions through external devices or remote commands, making it a powerful instrument in coordinated jackpotting campaigns.
The FBI’s alert underscores the growing sophistication of cybercriminal groups and the urgent need for banks and ATM operators to strengthen both physical safeguards and cybersecurity defenses. As financial institutions continue modernizing their systems, experts warn that proactive monitoring, timely software updates, and enhanced machine-level security are critical to preventing further losses.
Join our LinkedIn group Information Security Community!
