FBI Warns of $20M+ in ATM “Jackpotting” Attacks Across US

A surge in “jackpotting” attacks targeting ATMs across the United States has prompted a warning from the FBI, with reported economic losses exceeding $20 million in 2025 alone. The attacks, which involve the utilize of malware to force ATMs to dispense cash, represent a growing threat to the nation’s financial infrastructure, according to a recent FBI communication cited by Fox News.

Since 2020, nearly 1,900 jackpotting incidents have been reported nationwide, with over a third occurring in the last year. This escalating trend poses significant challenges for the protection and maintenance of automated banking systems. The FBI has identified that criminals are exploiting vulnerabilities in ATM models from various manufacturers and banks.

A key factor contributing to the success of these attacks is the continued use of outdated operating systems, such as Windows 7, in many ATMs. This legacy software, no longer receiving security updates, creates exploitable gaps that attackers can leverage to compromise multiple machines and banking networks. According to reports, the malware used in these attacks, including a program known as Ploutus – first detected in Mexico in 2013 – allows hackers to bypass standard security protocols.

The jackpotting process typically involves physical access to the ATM’s internal components. Criminals often utilize generic keys to open the maintenance compartment, where they can install malware via USB drives or replace storage devices with compromised ones. Once the machine is rebooted, the malware takes control, instructing the ATM to dispense cash without requiring a valid card, account, or authentication. This allows for large-scale cash withdrawals that directly impact financial institutions.

While customers are not the direct targets of jackpotting attacks, the resulting financial losses for banks are often passed on to consumers through increased fees, administrative charges, or more restrictive account conditions, the FBI warns. Michael Crean, a senior vice president at SonicWall, noted that these incidents highlight systemic weaknesses not only within the banking sector but too in other critical areas like healthcare technology.

The FBI recommends that financial institutions update ATM operating systems, strengthen physical access controls, and continuously monitor for suspicious activity. Even though, implementing these measures across thousands of ATMs nationwide is a time-consuming and resource-intensive undertaking. Authorities are also advising the public to exercise caution when using ATMs, opting for machines located inside bank branches or well-lit, high-traffic areas, and to report any signs of tampering or unusual behavior.

The FBI is currently investigating the attacks and working with financial institutions to mitigate the threat. As of March 24, 2026, no arrests have been publicly announced in connection with the recent surge in jackpotting incidents.