Overview
- The FBI has tallied roughly 1,900 jackpotting incidents since 2020, including more than 700 in 2025 that stole over $20 million, while the DoJ has reported about $40.73 million in losses since 2021.
- Criminal crews typically unlock ATM cabinets with generic keys, remove or swap hard drives, and load malware that enables rapid cash-outs, which are often detected only after the cash is gone.
- Ploutus malware targets the XFS software layer on Windows-based ATMs, bypassing bank authorization, working across multiple vendors, and attacking machines rather than customer accounts.
- The FLASH alert provides indicators of compromise and defenses such as replacing default locks, adding sensors and cameras, enabling hard‑drive encryption, enforcing device allowlisting, and validating systems against a gold image.
- Federal prosecutions continue against alleged participants, with the Justice Department charging 87 suspects in recent months, including many tied to the Tren de Aragua network.