ATM Jackpotting Explained: Why Federal Officials Are Sounding the Alarm
Banks all across the United States are facing a growing cyber and physical threat known as ATM jackpotting, a form of theft that tricks ATMs into dispensing cash without a valid transaction or bank authorization.
Federal authorities have recently issued alerts to financial institutions to help them recognize and respond to these attacks.
What Is ATM Jackpotting?
In its simplest form, the question of, “What is ATM jackpotting?” comes down to this: criminals take control of an ATM’s internal software or hardware to make it spit out money on demand, almost like hitting the jackpot on a slot machine.
The key tool in recent cases is malware, especially variants of the Ploutus family. It targets the machine’s underlying systems to override normal processes.
Unlike card skimming or account fraud, jackpotting doesn’t need access to our bank account or card information.
Instead, it manipulates the ATM itself to dispense bills without authorizing a transaction.
Recent Surge in Attacks
The FBI and cybersecurity experts have confirmed a sharp uptick in these attacks.
According to official alerts, roughly 1,900 ATM jackpotting incidents have been reported in the U.S. since 2020. Of those, more than 700 took place in 2025 alone, resulting in losses of over $20 million.
These figures highlight a broader trend: cybercriminals are increasingly combining digital malware with physical access techniques to exploit vulnerable machines.
Law enforcement officials have warned that this type of fraud is difficult to detect until after the money has already been withdrawn.
How Criminals Execute Jackpotting
Jackpotting attacks typically involve a mix of software manipulation and physical tampering with the ATM hardware.
Two common methods include:
Malware Installation: Attackers introduce malicious code like Ploutus into the ATM’s internal systems, giving them direct control over the machine’s commands.
Hard-Drive Replacement or Tampering: In some cases, the hard drive is removed and replaced by one preloaded with jackpotting malware, or malware is copied directly onto the drive before it’s returned and rebooted.
Once installed, the malware can instruct the ATM to release cash without the customer’s or the bank’s authorization.
Because it targets the machine’s internal software layer, especially the Windows-based eXtensions for Financial Services (XFS) layer, jackpotting attacks can be fast and difficult to spot.
How Financial Institutions Are Responding
The 2026 FBI alert isn’t just a warning.
It also includes technical details known as indicators of compromise (IOCs) that can help ATM operators spot potential tampering.
These include:
Unusual executable files on ATM systems
Unexpected USB connections
ATM doors opening outside of routine maintenance
Banks and credit unions are being asked to strengthen their physical and cybersecurity defenses.
Common steps include:
Upgrading physical locks and barriers to reduce unauthorized access
Installing environmental sensors to detect vibrations, temperature changes, or forced entry
Using firmware integrity checks and disk encryption to protect ATM systems
Monitoring logging and removable media activity for suspicious records
Maintaining a verified “gold image” baseline for ATM operating systems to detect unauthorized changes quickly
These layered defenses help organizations detect tampering early and prevent malware from taking hold in the first place.
What We Should Know
Regular ATM users aren’t usually targeted in jackpotting scams, because the attacks manipulate the machine itself, rather than customer accounts.
That means a cardholder’s personal information or account balance isn’t usually affected.
However, jackpotting can leave machines out of service after an attack, and it exposes broader weaknesses in cash-dispensing network security.
If you use your local ATM, try to stay alert for unusual behavior (like open access panels or tampered components), and be sure to report anything suspicious to your bank.
The Pattern Authorities Are Tracking
The recent rise in Ploutus malware attacks and other jackpotting schemes shows us that criminal methods are evolving, and ATMs are ideal targets because of the large cash amounts they hold.
Financial institutions, cybersecurity teams, and law enforcement agencies are working together to adapt new defenses and share their intelligence.
As the FBI continues to release its guidance, the main goal is to help banks and credit unions prevent future losses, protect their infrastructure, and prevent jackpotting before large amounts of cash are lost.
ATM jackpotting sounds dramatic, but it’s a targeted crime aimed at machines, not everyday people.
Mainly, it’s an issue unfolding quietly behind the scenes. And, as with most cyber threats, increased visibility and monitoring will (hopefully) help our banks respond quickly and confidently.
Curious for more stories that keep you informed and entertained? From the latest headlines to everyday insights, YourLifeBuzz has more to explore. Dive into what’s next.