Jackpotting: Venezuelans convicted of emptying ATMs in several states to be deported


Federal authorities in South Carolina have confirmed that two Venezuelan citizens who took part in a series of ATM robberies will be deported after serving their sentences. They are 34-year-old Luz Granados and 40-year-old Johan Gonzalez-Jimenez, who admitted their participation in a plan to empty the cash from older ATM models located in several states in the south-east of the United States.

Prosecutors describe a technique known as "ATM jackpotting": the attackers physically tampered with the machines, connected laptops and ran malicious software that forced the ATM to dispense all the money in its compartments. This is set out in the Justice Department statement for the District of South Carolina, which details how the perpetrators bypassed the equipment's protections and made the machine dispense banknotes until it was empty (DOJ statement).


According to the prosecution, the loot did not come from customer bank accounts but directly from the cash stored in the ATMs. The robberies were spread across Alabama, Georgia, North Carolina, Virginia and South Carolina, and mainly affected older ATM models that lacked modern hardware or firmware safeguards.

In judicial terms, Gonzalez-Jimenez was sentenced to 18 months in prison and must pay $285,100 in restitution before being deported. Granados received an equivalent sentence on time and was forced to return $126,340; he remains in custody pending deportation, according to court and DOJ documents.

The investigation was not limited to South Carolina: local prosecutors shared evidence with authorities in Nebraska, leading to a federal grand jury that returned a sweeping indictment against 54 people associated with a conspiracy related to the same type of fraud. This massive case points to a scheme that, according to the allegations, drained millions of dollars from ATMs throughout the country (DOJ note in Nebraska).

Among those named in the investigations is Jimena Romina Araya Navarro, a person linked to the organization known as Tren de Aragua, who had already been sanctioned by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) in December. OFAC sanctions seek to hit the financial and logistical structures of criminal groups operating from abroad (Treasury statement).

As for the technique used by the attackers, prosecutors explain that they used variants of malware known as Ploutus. In some cases the criminals removed the hard drive from the ATM to install the malicious software directly; in others they inserted external devices such as USB drives or replaced the disk with a previously infected one. The malware not only ordered the cash to be dispensed but also tried to erase traces and logs to make detection by bank staff harder.

These techniques and the nature of the malware are not new: previous research and specialized reports have documented "jackpotting" campaigns that take advantage of ATMs with outdated software or insufficient physical security. Journalists and cyber security experts have covered the phenomenon for years, explaining how attackers combine social engineering, physical access and malware to exploit vulnerabilities in legacy equipment (analysis in KrebsOnSecurity).

The prosecutor's office for the Middle District of Georgia, for its part, recently reported that five other Venezuelan citizens associated with similar robberies also face immediate deportation after admitting their guilt or receiving convictions in cases related to jackpotting, which underscores that the operations were multinational in scope and coordinated across different jurisdictions (DOJ communiqué in Georgia).

Beyond sanctions and prison sentences, these proceedings show the importance of cooperation between agencies and across borders to dismantle criminal networks that use technology. Identifying the malware, exchanging evidence between districts and collaborating with agencies like the Treasury to sanction gang leaders are key steps to stop these forms of crime.

In the technical field, the lesson for banks and operators is clear: keeping ATM software and firmware up to date, strengthening the physical security of the machines and monitoring event logs in more detail are necessary measures to reduce the attack surface. Older ATMs, unpatched and with relatively easy physical access, remain the weakest link in many security chains.
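The event monitoring recommended above can be illustrated with detection logic run over an ATM event journal. This is an added example, not code from the cases or from any vendor; the log format, event names, terminal IDs and disk inventory are constructed assumptions, and it assumes events are forwarded to a central collector, since the malware described tried to erase local records.

```python
from datetime import datetime, timedelta

# Constructed journal in a hypothetical format: time, terminal, event, detail.
SAMPLE_LOG = """\
2024-05-01T02:10:03 ATM-017 CABINET_OPEN top-hatch
2024-05-01T02:11:40 ATM-017 USB_ATTACH mass-storage
2024-05-01T02:14:09 ATM-017 BOOT disk_serial=ZZ9999
2024-05-01T02:15:30 ATM-017 DISPENSE notes=40 txn=-
2024-05-01T02:15:52 ATM-017 DISPENSE notes=40 txn=-
2024-05-01T09:02:11 ATM-021 BOOT disk_serial=AB1234
2024-05-01T09:05:00 ATM-021 TXN_AUTH txn=88121
2024-05-01T09:05:07 ATM-021 DISPENSE notes=5 txn=88121
"""
# Constructed inventory: disk serial expected in each terminal.
KNOWN_DISKS = {"ATM-017": "CD5678", "ATM-021": "AB1234"}
WINDOW = timedelta(minutes=30)  # assumed correlation window


def analyze(log_text, known_disks=KNOWN_DISKS):
    """Return (terminal, alert, timestamp) tuples for jackpotting indicators."""
    alerts, authorized, tamper_at = [], set(), {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_s, term, event, detail = line.split(None, 3)
        ts = datetime.fromisoformat(ts_s)
        fields = dict(kv.split("=", 1) for kv in detail.split() if "=" in kv)
        if event in ("CABINET_OPEN", "USB_ATTACH"):
            tamper_at[term] = ts  # physical access: context for later events
        elif event == "BOOT" and fields.get("disk_serial") != known_disks.get(term):
            tamper_at[term] = ts  # unknown disk: swapped or reimaged drive
            alerts.append((term, "disk_serial_mismatch", ts_s))
        elif event == "TXN_AUTH":
            authorized.add((term, fields["txn"]))  # host approved this withdrawal
        elif event == "DISPENSE" and (term, fields.get("txn")) not in authorized:
            # Cash left the machine with no matching host authorization.
            recent = term in tamper_at and ts - tamper_at[term] <= WINDOW
            kind = "dispense_after_tamper" if recent else "unauthorized_dispense"
            alerts.append((term, kind, ts_s))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(*alert)
```

Because the dispense check relies on host-side authorization records rather than anything the terminal reports about itself, it still fires when the local journal has been wiped.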


For the public, the essential point is that jackpotting does not directly compromise personal accounts: customers do not see charges or withdrawals on their cards; the loss falls on the bank itself, which loses the cash stored in the ATM. However, the presence of this type of fraud generates insecurity and additional operating costs that may have an indirect impact on users and businesses.

The cases of Granados and Gonzalez-Jimenez are part of a broader pattern of concern to the authorities: coordinated attacks that mix traditional theft techniques with advanced digital tools and transnational logistics. The combination of judicial proceedings, sanctions and technological improvements will be decisive in reducing the occurrence of these heists in the future.

If you want to consult official sources on these proceedings and sanctions, you can review the communiqués of the South Carolina District Justice Department (DOJ South Carolina), the announcement of the grand jury in Nebraska (DOJ Nebraska), the OFAC announcement (Treasury Department) and the related case note in Georgia (DOJ Georgia). There are also journalistic analyses that describe how jackpotting works and why it remains a relevant threat to banks and ATM operators (KrebsOnSecurity).
