DOJ alleges Ploutus malware was deployed to compromise ATMs and trigger cash payouts, with the scheme tied to Tren de Aragua. Prosecutors cite restitution to victim banks as part of the sentencing outcome.

The DOJ press release describing the ATM “jackpotting” sentencing also focuses on alleged criminal infrastructure and affiliations. Prosecutors say the conspiracy involved deploying Ploutus malware, which enabled attackers to compromise ATMs and force them to dispense cash. The government frames the incident as cyber-enabled theft targeting financial institutions rather than a localized, hardware-only crime.

In explaining the investigation, DOJ also ties the matter to Tren de Aragua, a group prosecutors name to give context about the alleged network behind cyber-facilitated crimes. That linkage can matter for sentencing and for how investigators trace participants, tools, and operational methods across cases.

The government’s inclusion of restitution to victim banks underscores that ATM malware incidents can impose direct and indirect costs: lost funds, incident response expenses, system remediation, and fraud monitoring enhancements. Even when consumers are reimbursed, the ripple effects can affect service availability and bank security postures.

Overall, the case illustrates how cyber intrusions can be weaponized quickly against widely distributed assets like ATMs. It also demonstrates that “jackpotting” prosecutions often combine technical allegations (malware deployment) with organized crime context and financial harm estimates.