ATM jackpotting attacks surge across the US

In recent years, a concerning surge in cyberattacks targeting Automated Teller Machines (ATMs) has caught the attention of the Federal Bureau of Investigation (FBI) and cybersecurity experts alike. These attacks, known as "jackpotting," involve hackers manipulating ATMs to dispense cash illicitly, bypassing the usual banking protocols. Michael Crean, Senior Vice President of Managed Services at SonicWall, highlighted the broader context of rising cyber threats, including Iran-linked attacks on U.S. infrastructure and medical technology firms, underscoring the growing sophistication and impact of cybercrime in critical sectors. This summary explores the nature of ATM jackpotting, its implications for financial institutions and consumers, and practical advice on how individuals can stay safe while using ATMs.

### Understanding ATM Jackpotting: How Hackers Steal Cash Directly from Machines

Unlike typical cyber fraud that involves stealing card information or hacking into bank accounts, jackpotting attacks exploit vulnerabilities within the ATMs themselves. These are not scenes from a Hollywood heist but real-world crimes facilitated by malware and physical tampering. Hackers often gain access to the ATM’s internal hardware by using generic or stolen keys to open the machine’s maintenance cabinet. Once inside, they can either remove the storage drive or insert a compromised one loaded with malicious software.

One prevalent strain of malware used in these attacks is called Ploutus. This software targets the XFS (eXtensions for Financial Services) system—a standardized interface that ATMs use to communicate with bank networks and authorize transactions. Instead of requesting permission from the bank, the malware sends its own commands to the ATM, instructing it to dispense cash on demand without any legitimate transaction or card involvement. This "jackpotting" turns the ATM into an unauthorized cash dispenser, enabling criminals to steal large sums rapidly.

A critical factor amplifying this threat is the outdated software running on many ATMs. Some machines still operate on legacy systems like Windows 7, which was released over a decade ago and is no longer supported or updated by Microsoft. These obsolete operating systems present exploitable vulnerabilities that hackers can use to breach multiple ATM brands and networks. Because these weaknesses are common across different machines, the problem is widespread, affecting hundreds of thousands of ATMs deployed nationwide.
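The dispense-without-authorization behaviour described in this section suggests a simple detection check: reconcile every cash dispense recorded at the machine against the bank host's authorizations, and note whether the maintenance cabinet was opened shortly before. The sketch below is an added example, not code from the FBI or any ATM vendor; the record fields, event names and time windows are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records. Field names and event types are assumptions,
# not a real ATM journal or XFS trace format.
HOST_AUTHORIZATIONS = [
    {"atm": "ATM-01", "time": "2025-03-01T10:00:05", "amount": 200},
    {"atm": "ATM-01", "time": "2025-03-01T10:14:40", "amount": 60},
]
ATM_EVENTS = [
    {"atm": "ATM-01", "time": "2025-03-01T10:00:09", "type": "DISPENSE", "amount": 200},
    {"atm": "ATM-01", "time": "2025-03-01T10:14:44", "type": "DISPENSE", "amount": 60},
    {"atm": "ATM-01", "time": "2025-03-02T02:31:10", "type": "CABINET_OPEN"},
    {"atm": "ATM-01", "time": "2025-03-02T02:47:02", "type": "DISPENSE", "amount": 800},
    {"atm": "ATM-01", "time": "2025-03-02T02:47:30", "type": "DISPENSE", "amount": 800},
]
AUTH_WINDOW = timedelta(seconds=60)   # a dispense must follow its authorization this closely
CABINET_WINDOW = timedelta(hours=1)   # cabinet openings this recent are reported with the alert

def parse_time(value):
    return datetime.fromisoformat(value)

def find_unauthorized_dispenses(events, authorizations):
    """Return dispense events that no host authorization accounts for.

    Each authorization covers a single dispense, so repeated dispenses
    cannot hide behind one legitimate approval."""
    unused = list(authorizations)
    cabinet_opened = {}  # ATM id -> time the cabinet was last opened
    alerts = []
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        when = parse_time(ev["time"])
        if ev["type"] == "CABINET_OPEN":
            cabinet_opened[ev["atm"]] = when
        if ev["type"] != "DISPENSE":
            continue
        match = next((a for a in unused
                      if a["atm"] == ev["atm"] and a["amount"] == ev["amount"]
                      and timedelta(0) <= when - parse_time(a["time"]) <= AUTH_WINDOW), None)
        if match is not None:
            unused.remove(match)  # consume the authorization
            continue
        opened = cabinet_opened.get(ev["atm"])
        recent = opened is not None and when - opened <= CABINET_WINDOW
        alerts.append({**ev, "cabinet_opened_recently": recent})
    return alerts
```

On the constructed data, the two night-time 800 dispenses are flagged, each marked as following a recent cabinet opening, while the two daytime withdrawals reconcile cleanly.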

### The Rising Tide of ATM Jackpotting Incidents and Financial Impact

The FBI reports a sharp increase in jackpotting attacks over the past few years. Since 2020, nearly 1,900 incidents have been documented, with more than a third occurring just last year. The financial losses are significant, with over $20 million stolen in 2025 alone. These figures highlight an accelerating trend, raising concerns about the security of physical financial infrastructure.

Authorities have also acted against organized criminal groups involved in these operations. For instance, a large-scale crackdown resulted in charges against 87 individuals linked to the Tren de Aragua gang, a notorious criminal organization implicated in a series of jackpotting attacks. Such efforts demonstrate law enforcement’s commitment to combating these crimes but also underscore the complexity and scale of the problem.

### Implications for Banks and Consumers: A Ripple Effect of Cybercrime

While jackpotting attacks primarily target financial institutions, the consequences ultimately trickle down to everyday customers. Banks bear the immediate financial losses, which are often covered by insurance. However, these costs do not disappear; they are frequently recouped through higher fees, increased charges for services, or more stringent banking policies. This means consumers indirectly pay the price for vulnerabilities exploited by cybercriminals.

Moreover, jackpotting attacks expose a broader issue: the reliance on aging technology within critical infrastructure. The same outdated systems that power ATMs can be found in other sectors, making them attractive targets for hackers. Michael Crean’s commentary on the rise of Iran-linked cyberattacks against U.S. medical technology firms and infrastructure emphasizes the increasing risks posed by state-sponsored and organized cyber threats. These incidents highlight the urgent need for comprehensive cybersecurity strategies that address both digital and physical vulnerabilities.

### Practical Tips for ATM Users: How to Stay Safe When Withdrawing Cash

Although jackpotting does not directly steal money from individual bank accounts, ATM users can still adopt precautions to minimize their risks. Since physical access to the machine is necessary for jackpotting, choosing ATMs located in secure, well-monitored areas such as inside bank branches or busy public spaces reduces the likelihood of tampering.

Users should remain vigilant for signs of suspicious activity at ATMs. If a machine behaves oddly—such
