A Drug Cartel Using Russian Software Hits West Coast ATMs
Criminals Using Russian Software Hit West Coast ATMs in a Rash of Daring Black Box JackPot Attacks
FTSI technicians removed a malicious hard drive that was connected to a Diebold ATM as part of a sophisticated attack by organized criminals. This was one in a series of attacks that have targeted ATMs in Colorado, Oregon, and Washington and cost financial institutions hundreds of thousands of dollars.
These criminals are using two methods of attack. The first involves pulling the PC core out of the ATM, removing the hard drive, and installing a new malicious one with a Russian program designed to dispense the ATM’s cash (“Jackpot”) upon command. The second involves connecting a “Black Box” directly to the PC core via USB and then ordering the ATM to dispense cash directly.
Multiple hard drives have been turned over to the FBI for analysis, and these attacks are being investigated on both local and national levels. While the vast majority of the attacks have targeted Diebold drive-up ATMs, there have been at least a couple of attacks reported that have targeted NCR drive-up ATMs as well.
FTSI is encouraging our customers to take action now and alarm their ATM tophats before these criminals have the chance to strike again. This will protect the PC core by setting off an alarm if anyone tries to break into the tophat.
FTSI, along with various law enforcement authorities, is recommending the following steps be taken to protect your ATMs:
Steps to Combat Black Box Attacks:
- Connect your ATM tophats to your alarm system
- Change the locks on your tophats
- Use the standard protection available in the APTRA XFS platform software and keep it up to date
- Set the dispenser security to PHYSICAL (LEVEL 3) Authentication
- Upgrade the dispenser XFS software component to the version included in APTRA XFS 06.03. (NOTE: This is the MANDATORY minimum version. The recommended version is APTRA XFS 06.04.01.)
- Change your ATMs to an Estoril core and whitelist the hard drive
If you have FTSI service and software maintenance, you will already have a minimum of XFS 06.03. If you do not have the recommended minimum software requirements or are interested in having your machines serviced by technicians trained to recognize Black Box and other threats, contact FTSI as soon as possible.
Additionally, FTSI reminds you to always keep an eye out for suspicious persons loitering near your ATMs. If you suspect your ATM has been tampered with or attacked, please call the local authorities first, as criminals may still be nearby.