South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences.
34-year-old Luz Granados and 40-year-old Johan Gonzalez-Jimenez have previously pleaded guilty to conspiracy and computer crimes for emptying older ATM models throughout the southeastern United States.
The pair connected laptops to targeted Automated Teller Machines (ATMs) and installed malware that bypassed security protocols, forcing the machines to dispense all available cash.
All the stolen funds came directly from the banks rather than individual customer accounts, hitting institutions in South Carolina, Georgia, North Carolina, and Virginia.
“The defendants would approach an ATM at nighttime and remove the outer casing of the machine and then connect a laptop computer to install malware which overcame the ATM’s security protocols,” the Justice Department said. “Once installed, the ATMs dispersed cash to the perpetrators until the ATM’s funds are exhausted.”
U.S. District Judge Mary Geiger Lewis sentenced Gonzalez-Jimenez to 18 months in federal prison and ordered him to pay $285,100 in restitution before deportation. Granados remains in custody awaiting deportation after being sentenced to time served and ordered to pay $126,340 in restitution.
The District of South Carolina shared evidence obtained during the investigation with Nebraska authorities, which led to a federal grand jury in Nebraska indicting 54 individuals in a related ATM jackpotting conspiracy that allegedly led to the theft of millions from ATMs across the United States.
The Nebraska indictments also target Jimena Romina Araya Navarro, an entertainer and one of the alleged leaders of the Tren de Aragua Venezuelan gang, who was sanctioned by the Department of the Treasury’s Office of Foreign Assets Control in December.
Prosecutors said the defendants deployed a Ploutus malware variant by removing the ATM’s hard drive and installing it directly, using external devices like thumb drives, or replacing the ATM’s hard drive with one that was already infected. Once deployed, the malware forced unauthorized cash withdrawals and deleted evidence to conceal the attacks from bank employees.
Last month, the Justice Department also announced five other Venezuelan nationals are also facing “immediate deportation” after being sentenced or pleading guilty for their involvement in ATM jackpotting thefts across multiple U.S. states.
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.
