Breaking News

Venezuelan Nationals Face Deportation After ATM Jackpotting Scheme Conviction

2 min read | Source: BleepingComputer

Two Venezuelan nationals convicted in a U.S. ATM jackpotting attack will be deported post-sentence for stealing hundreds of thousands using malware.

Venezuelan Nationals to Be Deported Following ATM Jackpotting Conviction

Federal prosecutors in South Carolina have announced that two Venezuelan nationals convicted of orchestrating an ATM jackpotting scheme—stealing hundreds of thousands of dollars from U.S. banks—will be deported after serving their prison sentences. The case underscores the growing threat of financial malware attacks targeting critical banking infrastructure.

Technical Details of the Attack

The defendants, Jose Luis Ramos Vivas and Yolimar Coromoto Rodriguez Rengifo, were found guilty of deploying malware to compromise ATMs, a technique known as jackpotting. This method involves:

  • Physical access to ATMs, often via maintenance ports or USB interfaces.
  • Malware installation (e.g., Ploutus, Cutlet Maker, or Tyupkin) to bypass security controls.
  • Remote or on-site triggering of cash dispensing, allowing attackers to empty machines.

While the specific malware strain used in this case was not disclosed, similar attacks have leveraged CVE-2017-17215 (a vulnerability in Huawei HG532 routers) to gain network access, though no CVE was cited by prosecutors.

Impact and Legal Consequences

The scheme resulted in the theft of hundreds of thousands of dollars from multiple U.S. banks. Both defendants were sentenced to prison terms and will face deportation to Venezuela upon release. The case highlights:

  • The cross-border nature of cybercrime, with attackers exploiting vulnerabilities in financial systems.
  • The evolving tactics of threat actors, including physical access combined with malware.
  • The collaborative efforts between U.S. law enforcement and financial institutions to disrupt such operations.

Recommendations for Financial Institutions

To mitigate similar threats, security teams should:

  1. Enhance physical security of ATMs, including tamper-evident seals and surveillance.
  2. Implement network segmentation to limit lateral movement from compromised devices.
  3. Deploy endpoint detection and response (EDR) solutions to monitor for unauthorized access.
  4. Regularly update firmware on ATMs and associated hardware to patch known vulnerabilities.
  5. Conduct employee training to recognize social engineering tactics used to gain physical access.

The case serves as a reminder of the persistent risks posed by financially motivated cybercriminals and the importance of proactive defense strategies in the banking sector.
