Newspaper Kommersant discloses mechanism of virus affecting Russia’s ATMs

12:16, 20 march 2017

A new virus causes Russia’s ATMs to issue all of its largest bills to anyone who enters a specific code, reported newspaper Kommersant on Monday.

Deputy head of Russia’s Central Bank’s security and information protection department Artyom Sychev announced the new threat on March 17, citing data from FinCert, Russia’s center for monitoring cyber-attacks in the financial sector.

Sychev then did not disclose details, saying only that the method involved a contactless tactic to steal funds.

Kommersant’s sources with access to the FinCert report have said that Russia’s ATMs have been affected by a virus that, when fed a specific code, has the ATM issue all the cash contained in a compartment in which the largest bills are stored (namely, up to 40 bills each valuing 1000 and/or 5000 rubles.)

This is the first time that the virus has been identified in Russia, the newspaper noted, though its existence was known from previous incidents in other countries.

According to Kommersant’s sources, the virus has affected the ATMs of Russia’s largest ATM manufacturer NCR. The sources said, however, that “it is [odd] that the revealed vulnerability [has affected] a particular manufacturer, as all ATMs run on [the] Windows [operating system].”