FBI Report: $20 Million Stolen from ATMs via 'Jackpotting' Attacks

Significant Increase in ATM 'Jackpotting' Attacks The latest security report released by the Federal Bureau of Investigation (FBI) indicates that cybercriminals have significantly increased their attacks on ATMs in recent years.
According to the report, more than 700 organized attacks were carried out on ATMs in 2025 alone, resulting in the theft of at least $20 million in cash.
From Theory to Organized Crime Once considered a theoretical security vulnerability, this method was first demonstrated in 2010 by the renowned security researcher Barnaby Jack at a conference.
Jack successfully breached an ATM, causing the machine to uncontrollably dispense cash in front of an audience.
Today, this technique, known as "jackpotting," has evolved into a professional line of business within the cybercrime world.
Physical and Digital Intervention Techniques According to the FBI report, criminals use methods such as unlocking front panels and accessing hard drives to gain physical access to ATM machines.
Utilizing master keys and specialized digital tools, attackers install malicious software onto the system after gaining physical access.
This software forces the ATM to dispense cash immediately without being linked to any customer account.
Ploutus Malware and System Vulnerabilities The report specifically highlights the malware known as "Ploutus." Affecting many ATM manufacturers and cash dispensers, this software targets the underlying Windows operating system of the machines.
This allows attackers to empty the cash reservoir directly without entering bank records.