All About ATM Jackpotting

We all know the pleasant sound of ATM bills counting down. But it’s even more satisfying to pick them up from an ATM. This is a sensation pursued by many attackers who conduct targeted attacks on ATMs. One such attack is ATM jackpotting.

ATM jackpotting is the installation and activation by criminals of malicious software on an ATM that triggers the withdrawal of all cash. Such attacks first became known in January 2018. The representatives of Diebold Nixdorf Inc and NCR Corp, two of the world’s largest ATM manufacturers, warned users about the cybercrime.

It is very important that banks know about this risk and keep their ATM security during money transfers in good shape. Cybercriminals are going after ATM networks to find weak spots in the security of financial institutions. Money transfer services are also being aimed at. “Smash and grab” attacks on ATMs have been going on for a long time in the world of cybercrime that uses money transfer apps. Agents are now going after cash machines in order to get rewards like customer information or plain old cash.

In the United Kingdom, trucks and stolen farm equipment have been used in a number of ATM attacks in recent years. This has made it easier to send money online. The goal is to take all of the money from the ATM and move it somewhere where the money can be pushed out, like an online money transfer.

The other choice is to “smash and snatch,” which means to break into an ATM nearby and take money out. Since 2016, police in England and Wales have found that gas explosions have been used in nearly 100 attacks on ATMs. In the Midlands, one group of thieves broke into 23 homes and stole more than £1.5 million over the course of three months.

Today we will tell you what ATM jackpotting is and how to avoid attacks. You will also learn about the peculiarities of malware and software.

What is ATM Jackpotting

ATM jackpotting is a type of attack in which hackers connect to the particular ATM and give it a sequence of commands to dispense all the money from the built-in safe. This type of hacking scheme of the ATM security system in order to intercept the cash withdrawal control can be done by compromising the bank software or by using special equipment.

The name of this type of attack comes from the word «jackpot», because the perpetrator in case of a successful hack gets all the money that was loaded into the ATM. After the ATM ejects all the cash accumulated inside, the perpetrator only has to put up a money bag and retrieve the loot.

Important: ATM jackpotting is not the easiest and most convenient way to get rich. First, need physical access to the ATM, the ability to connect to it and crack the basic security. Second, the process takes time, and ATMs are rarely located out of sight of security guards or surveillance cameras.

Often, cybercriminals entrust the receipt of money to low-skilled crooks called mules. These criminals are only tasked with collecting the cash and handing it over to the organizers of the attack.

Type of jackpotting attacks

In jackpotting, hackers exploit the ATM hardware and software vulnerabilities to abscond with cash. Criminals can disguise themselves as bank staff to easily gain access to the ATM. The most vulnerable to such attacks are considered freestanding ATMs that are within video surveillance distance.

Below we will describe the basic type of attacks by jackpotting.


Malware is capable of causing serious damage to a bank’s reputation and financial stability. This software allows fraudsters to force ATMs to dispense cash without reflecting withdrawals on any bank accounts.

The most famous malware:


Ploutus was discovered in Mexico. To install the first version of the program, a CD-ROM had to be inserted in the ATM CD-ROM. The next version was distributed via cell phone. To install the latest version of Ploutus (Ploutus-D) requires physical access to the top of the particular ATM.

Cutlet Maker

Before free distribution, Cutlet Maker could only be purchased online. This malware infects ATMs via a USB drive. Once Cutlet Maker has been installed, an image of a chef and a piece of meat appears on the ATM screen, along with the words “Ho-ho-ho-ho! Let’s make some cutlets today!”.

Black box

The Diebold Nixdorf ATM manufacturer first warned about the black box attack.

In this type of attack, intruders detach the external casing of an ATM to gain access to its ports. Attackers can also cut a hole in the casing to gain direct access to internal wiring and other hidden connectors. The attacker then connects a device called a “black box” (usually a laptop or Raspberry Pi board) to the ATM’s internal components, which are used to send commands and steal money. This method is popular among fraudsters because of its low cost and ease of implementation.

How jackpotting attacks work

In an attack, attackers perform several actions. First of all, criminals gain access to local devices. Cybercriminals connect USB to ATM by means of a screwdriver. Once connected to the USB port, malicious code is injected into the ATM system. Finally, the ATM is rebooted to standard mode and then comes under the control of the malware. The last step is to steal the cash.

A step-by-step jackpotting scheme is shown below.

  1. Send malware via phishing emails
  2. Steal admin sensitive data
  3. Hack into network
  4. Perform lateral movement
  5. Get remote access to ATMs
  6. Dispense Cash
  7. Let Mules collect money


Recently, attackers prefer to attack ATMs with malware rather than by physical attack. This is due to the greater security of the procedure.

Software in ATM Jackpotting

But now there is a new danger to watch out for that isn’t physical. First, I’ll look for an online money transfer near me to stop hackers from getting in. This summer, the FBI warned about a “cashout” attack on commercial bank ATMs that was happening around the world. This happened because people used online money transfer sites and services to send and receive money online. All About ATM Jackpotting

The attack that was stopped before it happened was going to target a bank or a transaction processor so that fake cards could be used to take money out of bank accounts. This is a sign of a sophisticated hack that can directly affect customers as well as bank and business operations, like sending money online.

Effects of ATM Jackpotting

Over the last ten years, malware attacks on ATMs have become more sophisticated and widespread. The European Association for Secure Transactions (EAST) said in its 2017 European ATM Crime Report that there were 287 percent more ATM disclosure attacks on money transfer companies than the year before.

Organizational security plans can deal with a wide range of infrastructure problems, but ATM hardware and operating systems are always the weakest links. There are two kinds of attacks on ATMs: physical and logical, which should be possible on services like online money transfer services.

In a real attack, the person who did wrong is there before, during, and after the bad thing. It uses real influence to control the machine and is common in the UK. It connects organizations that move money. On the other hand, the cognizant attack uses malware and master devices to control the ATM and get access to normal information and resources.

The last attack made the Federal Bureau of Investigation more worried because it involved customer data and resources. Most people understand how to move money from one bank account to another.


Jackpotting is the practice of stealing money from an ATM. The attackers do this by connecting their own devices to the ATM’s communication network. The attacker enters the ATM physically and cuts the connection between the dispenser and the computer, then sends the machine unauthorized instructions to issue cash.

Banks must take care to adopt specialized ATM security solutions, frequently update anti-virus software, use hard disk encryption techniques, and use encrypted communication protocols to prevent jackpotting on ATMs.