FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
FBI Warns of $20 Million ATM Jackpotting Surge in 2025: Cybercrime Hits U.S. Banking Sector Hard
In a stark warning that has sent shockwaves through the U.S. banking industry, the Federal Bureau of Investigation (FBI) has reported a dramatic surge in ATM jackpotting attacks, with cybercriminals exploiting both physical and software vulnerabilities to drain cash machines across the country. Since 2020, nearly 1,900 jackpotting incidents have been documented, with a staggering 700 of those occurring in 2025 alone, resulting in losses exceeding $20 million.
The Anatomy of a Jackpotting Attack
ATM jackpotting, a sophisticated form of cybercrime, involves the use of specialized malware—most notably Ploutus—to force ATMs to dispense cash without any legitimate transaction. According to the FBI, these attacks are not only financially devastating but also increasingly difficult to detect until after the money has been withdrawn.
The process typically begins with threat actors gaining unauthorized physical access to the ATM. Using widely available generic keys, criminals can open the ATM’s face panel and access the internal hardware. From there, they employ one of two primary methods to deploy the malware:
- Hard Drive Manipulation: The attacker removes the ATM’s hard drive, connects it to their own computer, copies the malware onto it, and then reinserts the drive into the ATM before rebooting the machine.
- Complete Drive Replacement: In some cases, the original hard drive is entirely replaced with a foreign drive preloaded with the malware, which is then installed and the ATM rebooted.
Once the malware is active, it interacts directly with the ATM’s hardware, bypassing any security controls embedded in the original ATM software. The malware can then issue commands straight to the machine’s cash dispensing mechanism, so no bank authorization ever takes place.
Ploutus: The Malware Behind the Mayhem
First observed in Mexico in 2013, Ploutus has evolved into one of the most dangerous tools in the cybercriminal arsenal. The malware exploits the eXtensions for Financial Services (XFS), a software layer that instructs ATMs on what physical actions to perform. During a legitimate transaction, the ATM application sends instructions through XFS for bank authorization. However, Ploutus allows threat actors to issue their own commands to XFS, bypassing bank authorization entirely and instructing the ATM to dispense cash on demand.
The FBI notes that these attacks can occur in a matter of minutes, making them particularly insidious. The malware does not require a connection to an actual bank card or customer account, and because it exploits the underlying Windows operating system, it can be used against ATMs from different manufacturers with minimal code changes.
A Growing Threat
The scale of the problem is underscored by data from the U.S. Department of Justice (DoJ), which reported in December 2025 that approximately $40.73 million has been collectively lost to jackpotting attacks since 2021. The FBI’s latest bulletin highlights the urgent need for financial institutions to bolster their defenses against this evolving threat.
Mitigation Strategies: How Banks Can Fight Back
To combat the rising tide of ATM jackpotting, the FBI has outlined a comprehensive list of recommendations for organizations:
- Enhance Physical Security: Install threat sensors, set up security cameras, and replace standard locks on ATM devices with more secure alternatives.
- Audit ATM Devices: Regularly inspect ATMs for signs of tampering or unauthorized access.
- Change Default Credentials: Ensure that all default passwords and access codes are changed to strong, unique alternatives.
- Implement Automatic Shutdown: Configure ATMs to automatically shut down when indicators of compromise are detected.
- Enforce Device Allowlisting: Prevent the connection of unauthorized devices to ATMs.
- Maintain Logs: Keep detailed logs of all ATM activity to aid in forensic analysis and incident response.
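As an added illustration of how the logging, auditing and automatic-shutdown recommendations fit together (this example is not part of the FBI bulletin), the Python sketch below correlates ATM journal events to flag the sequence described earlier: cabinet opened, reboot from an unknown drive, then cash dispensed without bank authorization. The log layout, event names, disk-serial inventory and 15-minute window are assumptions made for the example, not a vendor format.

```python
from datetime import datetime, timedelta

# Constructed sample journal; the "timestamp atm_id EVENT key=value" layout and
# the event names are assumptions for this example, not a vendor log format.
SAMPLE_LOG = """\
2025-03-01T02:10:00 ATM-17 HOST_AUTH_OK txn=9001 amount=200
2025-03-01T02:10:05 ATM-17 DISPENSE txn=9001 amount=200
2025-03-01T03:40:00 ATM-17 CABINET_OPEN
2025-03-01T03:46:00 ATM-17 BOOT disk_serial=ZZ-FOREIGN-01
2025-03-01T03:48:30 ATM-17 DISPENSE txn=- amount=2000
2025-03-01T03:49:10 ATM-17 DISPENSE txn=- amount=2000
2025-03-01T09:00:00 ATM-22 BOOT disk_serial=WD-BASE-22
2025-03-01T09:05:00 ATM-22 HOST_AUTH_OK txn=9100 amount=60
2025-03-01T09:05:04 ATM-22 DISPENSE txn=9100 amount=60
"""
BASELINE_DISKS = {"ATM-17": "WD-BASE-17", "ATM-22": "WD-BASE-22"}  # constructed inventory
REBOOT_WINDOW = timedelta(minutes=15)  # assumed tuning value

def parse(line):
    """Split one journal line into (timestamp, atm_id, event, fields)."""
    ts, atm, event, *kv = line.split()
    return datetime.fromisoformat(ts), atm, event, dict(p.split("=", 1) for p in kv)

def detect(log_text, baseline=BASELINE_DISKS):
    """Return (atm_id, rule, timestamp) alerts; any alert is a shutdown trigger."""
    alerts, authorized, last_open = [], {}, {}
    for line in log_text.strip().splitlines():
        ts, atm, event, f = parse(line)
        if event == "HOST_AUTH_OK":
            authorized.setdefault(atm, set()).add((f["txn"], f["amount"]))
        elif event == "CABINET_OPEN":
            last_open[atm] = ts
        elif event == "BOOT":
            if f.get("disk_serial") != baseline.get(atm):
                alerts.append((atm, "UNKNOWN_DISK", ts))
            opened = last_open.get(atm)
            if opened and ts - opened <= REBOOT_WINDOW:
                alerts.append((atm, "REBOOT_AFTER_CABINET_OPEN", ts))
        elif event == "DISPENSE":
            key = (f.get("txn"), f.get("amount"))
            if key in authorized.get(atm, set()):
                authorized[atm].discard(key)  # one dispense per authorization
            else:
                alerts.append((atm, "DISPENSE_WITHOUT_HOST_AUTH", ts))
    return alerts

def atms_to_shut_down(alerts):
    """Distinct ATMs with at least one alert, for the automatic-shutdown step."""
    return sorted({atm for atm, _, _ in alerts})
```

In practice the correlation belongs on a central collector rather than on the ATM itself, since a replaced drive also replaces any on-device monitoring.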
The Broader Implications
The surge in ATM jackpotting attacks is a stark reminder of the vulnerabilities that persist in critical financial infrastructure. As cybercriminals become increasingly sophisticated, the need for robust cybersecurity measures has never been more urgent. Financial institutions must not only invest in advanced security technologies but also foster a culture of vigilance and continuous improvement to stay ahead of these evolving threats.
The FBI’s warning serves as a wake-up call for the entire banking sector. With losses mounting and the frequency of attacks on the rise, the time to act is now. By adopting the recommended mitigation strategies and remaining vigilant, organizations can protect their assets and ensure the integrity of the financial system in the face of this growing menace.