FBI warns of rising ATM jackpotting attacks using Ploutus malware.
700+ incidents in 2025. $20M+ stolen.
Cyber-physical compromise targeting XFS middleware & Windows-based ATMs.
Mitigation strategies?
📢⚠️ US prosecutors charge 31 more suspects in a nationwide ATM jackpotting scam, bringing the total to 87 defendants linked to malware-driven thefts across multiple states.
Read: https://hackread.com/us-charges-atm-jackpotting-scam-suspects/
📢 ⚠️ 2 Venezuelan nationals convicted in a multi-state ATM jackpotting scheme will be deported after federal sentences and restitution orders, authorities say. Cash was stolen by installing malware in ATMs.
Read: https://hackread.com/venezuelan-nationals-face-deportation-atm-jackpotting/
It's been a bit light on news over the last 24 hours, but we've got some significant updates on law enforcement actions against cybercriminals and an interesting development in ransomware capabilities. Let's dive in:
Law Enforcement Cracks Down on Ransomware and ATM Jackpotting ⚖️
- Two former cybersecurity professionals, a manager of incident response and a ransomware negotiator, pleaded guilty to participating in ALPHV/BlackCat ransomware attacks, causing over $9.5 million in losses and highlighting the insider threat risk.
- A Ukrainian national pleaded guilty to involvement in Nefilim ransomware attacks, which targeted high-revenue companies in the US and Europe, with authorities still actively pursuing a co-conspirator and offering an $11 million reward.
- The US Department of Justice has indicted 54 individuals linked to the Venezuelan Tren de Aragua (TdA) terrorist organisation for a multi-million dollar ATM jackpotting scheme using Ploutus malware, with $40.73 million lost since 2021.
🤫 CyberScoop | https://cyberscoop.com/incident-responders-plead-guilty-ransomware-digitalmint/
🤫 CyberScoop | https://cyberscoop.com/nefilim-ransomware-artem-stryzhak-guilty-plea/
📰 The Hacker News | https://thehackernews.com/2025/12/us-doj-charges-54-in-atm-jackpotting.html
RansomHouse Levels Up Its Encryption Game 🛡️
- The RansomHouse ransomware-as-a-service (RaaS) operation has upgraded its encryptor to a new variant, dubbed 'Mario', moving from a simple linear technique to a more complex, multi-layered, two-stage encryption process.
- 'Mario' introduces dynamic chunk sizing at an 8GB threshold, intermittent encryption, and uses complex mathematics to determine processing order, making static analysis and reverse engineering significantly more difficult.
- These enhancements provide stronger encryption results, faster speeds, and better reliability, increasing the leverage for threat actors during post-encryption negotiations.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/ransomhouse-upgrades-encryption-with-multi-layered-data-processing/
#CyberSecurity #ThreatIntelligence #Ransomware #LawEnforcement #Cybercrime #ATMJackpotting #Malware #InfoSec #IncidentResponse #DetectionEngineering
ATM jackpotting case escalates: 54 suspects, some linked to Tren de Aragua, indicted in the U.S. for using ATM malware + physical access to steal millions.
Thoughts on the next evolution of ATM security?
There seems to be a new variant of the North Korean malware #FASTCASH that hacks ATMs. The interesting quirk is that the only currency it steals is... Turkish Lira? This makes more sense when you consider that:
1) Over the last 1.5 or so years most big crypto exchanges have been making moves towards Turkey (opening offices, sponsoring local events, etc.)
2) DPRK loves stealing crypto but cashing out is still a challenge for them
While this malware just looks like it engages in outright theft, I have a strong hunch that laundering stolen crypto is a factor here.
thread: https://x.com/haxrob/status/1845307197913432282
[UPDATE] IOCs here: https://otx.alienvault.com/pulse/670ead49449b8caec5e64437
#NorthKorea #DPRK #cybersecurity #ATMJackpotting #infosec #Turkey #Turkiye #Istanbul #crypto #cryptocurrency #malware #TurkishLira #currency #ATM #ATMs #scams #theft
A recent discovery of a new variant of the DPRK 🇰🇵 attributed malware 'FASTCASH' that enables ATM jackpotting. 💵 Previously known variants ran on switches running IBM AIX and MS Windows - this one targets the Linux operating system. Here is my writeup: https://t.co/3GwU5rHNlS