Executive Summary
- A federal grand jury indicted 31 additional defendants in a massive ATM jackpotting scheme, bringing the total charged to 87.
- The conspiracy is allegedly linked to the Tren de Aragua gang and involves charges of providing material support to terrorists.
- Prosecutors state the group used "Ploutus" malware to force ATMs to dispense millions of dollars in cash nationwide.
- Defendants face potential prison terms ranging from 20 to 335 years if convicted on all counts.
LINCOLN, Neb. — A federal grand jury in the District of Nebraska has returned an indictment charging 31 individuals for their alleged roles in a sophisticated conspiracy to deploy malware and steal millions of dollars from automated teller machines across the United States. According to the U.S. Attorney’s Office, this latest round of charges brings the total number of defendants implicated in the scheme to 87, following previous indictments issued in late 2025.
U.S. Attorney Lesley Woods’ office stated that the alleged operation utilized a technique known as "ATM jackpotting." Prosecutors allege that the conspiracy is linked to Tren de Aragua (TdA), a transnational criminal organization. The indictment claims the group used the stolen funds to transfer proceeds among members and associates, effectively laundering the cash. The charges against the 31 new defendants include conspiracy to provide material support to terrorists, conspiracy to commit bank fraud, bank burglary, and offenses related to computer fraud and money laundering.
According to court documents cited by Woods’ office, the conspiracy involved the development and deployment of a malware variant known as "Ploutus." This software was allegedly used to hack into ATMs nationwide, forcing the machines to dispense currency without authorized transactions. Prosecutors described a methodical approach where members of the conspiracy would travel in groups using multiple vehicles to target banks and credit unions. Investigators noted that the suspects would physically access the internal components of the ATMs to install the malware, often waiting nearby to ensure no alarms were triggered before executing the theft.
The Justice Department indicated that if convicted, the defendants face significant prison sentences ranging from 20 to 335 years, depending on their specific roles and charges. A related indictment returned on October 21, 2025, previously charged 32 individuals with 56 counts, including bank fraud and damage to protected computers. The U.S. Attorney’s office emphasized that the Ploutus malware was specifically designed to issue unauthorized commands to the ATM’s cash-dispensing module.
Judicial and Security Implications
The scale of this indictment highlights a significant escalation in federal efforts to dismantle transnational criminal networks leveraging cyber-enabled financial crimes within U.S. borders. By linking the "jackpotting" scheme to Tren de Aragua and including charges of material support to terrorists, federal prosecutors are utilizing a broad statutory framework to address the intersection of organized crime and cybersecurity threats. This case underscores the vulnerability of legacy banking infrastructure to physical-digital hybrid attacks and suggests a continued aggressive posture by the Department of Justice against large-scale financial conspiracies. It is important to note that all individuals named in the indictments are presumed innocent until proven guilty in a court of law.
