ProLock Ransomware Operators Attacked Diebold Nixdorf ATM Provider

ProLock attacked Diebold Nixdorf
Written by Emma Davis

Ransomware operators ProLock attacked the largest in the US and one of the largest suppliers of ATMs and technology for making payments Diebold Nixdorf.

According to the supplier, the incident affected only the company’s internal networks and affected some operations. Neither ATMs nor Diebold Nixdorf customers were affected by the cyberattack.

Diebold has determined that the spread of the malware has been contained. The incident did not affect ATMs, customer networks, or the general public. Our leadership has connected personally with customers to make them aware of the situation and how we addressed it”, — Diebold said in a written statement.

On April 25, 2020, a team of information security specialists of the company discovered abnormal activity in the corporate network. Suspecting ф ransomware attack, they immediately disconnected the system from the compromised network to prevent it from spreading further.

According to KrebsOnSecurity, the shutdown affected the services used by about one hundred Diebold Nixdorf customers. In particular, was disabled the system for automating field technician requests.

As showed an investigation, the attack used ProLock ransomware, formerly known as PwndLocker. The amount of the buyback required is not specified, however, in the case of ProLock, it is usually six-digit figure ($175-660 thousand, depending on the size of the network).

According to Diebold Nixdorf, the company decided not to follow the criminals’ demands and refused to pay.

If Diebold’s claims about not paying their assailants are true, it’s probably for the best: That’s because current versions of ProLock’s decryptor tool will corrupt larger files such as database files”, — said Fabian Wosar, Emsisoft’s chief technology officer, said.

Armed with the victim’s data — or data about the victim company’s partners or customers — the attackers can then threaten to publish or sell the information if victims refuse to pay up. Indeed, some of the larger ransomware groups are doing that, constantly updating blogs on the Internet and the dark Web, which publish the names and data stolen from victims that refused to pay.

So far, the crooks behind ProLock haven’t launched their own blog. However, the crime group behind it has indicated it is at least heading in that direction


Canton, Ohio-based Diebold is currently the largest ATM provider in the United States, with an estimated 35 percent of the cash machine market worldwide. The 35,000-employee company also produces point-of-sale systems and software used by many retailers.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply