Diebold Nixdorf Hit by ProLock Ransomware Attack in April
Diebold Nixdorf, the largest ATM provider in the U.S. and a major global player with over a third of the worldwide market, confirmed a ransomware attack in April that disrupted its corporate operations. The company disclosed the incident this week, stating that customer networks remained unaffected and that the attack had been contained.
Security researcher Brian Krebs reported that the attackers deployed ProLock ransomware, a successor to the PwndLocker kit. ProLock encrypts files by appending malicious executables, sometimes layering them to complicate recovery. Victims are directed to a Tor-based payment portal via a ransom note, with demands averaging 60 BTC (approximately $570,000) in early April. Diebold Nixdorf confirmed it did not pay the ransom.
The company detected the infection in late April and stated that the malware’s spread had been halted. Leadership reportedly contacted customers directly to inform them of the breach and mitigation efforts. While ransomware attacks often promise decryption tools upon payment, many victims never receive them, leaving data permanently inaccessible.
Diebold Nixdorf TPRM report: https://www.rankiteo.com/company/diebold
"id": "die1772015252",
"linkid": "diebold",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Financial Services (ATM Provider)',
'location': 'Global (Headquartered in the U.S.)',
'name': 'Diebold Nixdorf',
'size': 'Large (over a third of the worldwide ATM '
'market)',
'type': 'Corporation'}],
'customer_advisories': 'Direct customer notifications regarding the breach '
'and mitigation efforts',
'data_breach': {'data_encryption': 'Files encrypted by ProLock ransomware'},
'date_detected': '2020-04-01',
'date_publicly_disclosed': '2020-05-01',
'description': 'Diebold Nixdorf, the largest ATM provider in the U.S. and a '
'major global player, confirmed a ransomware attack in April '
'that disrupted its corporate operations. The attack was '
'contained, and customer networks remained unaffected.',
'impact': {'operational_impact': 'Disruption of corporate operations',
'systems_affected': 'Corporate operations'},
'investigation_status': 'Contained',
'motivation': 'Financial gain',
'ransomware': {'data_encryption': 'Yes',
'ransom_demanded': '60 BTC (~$570,000)',
'ransom_paid': 'No',
'ransomware_strain': 'ProLock'},
'references': [{'source': 'Brian Krebs (Security Researcher)'},
{'source': 'Diebold Nixdorf Disclosure'}],
'response': {'communication_strategy': 'Direct customer notifications',
'containment_measures': 'Malware spread halted'},
'title': 'Diebold Nixdorf Hit by ProLock Ransomware Attack',
'type': 'Ransomware'}