GreenDispenser ATM Malware Alert

October 6, 2016

A recent NCR Security Update advised that there have been attacks using a new variant of ATM malware called GreenDispenser.

The financial institution that was attacked states that GreenDispenser interacts with XFS middleware to interface with the PIN pad and cash dispenser, which means it is likely using published CEN XFS interfaces. NCR has not received any other reports that this malware has been used to compromise ATMs, so the attack vector is unknown at this time.

The NCR Corporation has been working diligently with the affected financial institution and their infected ATMs to remove any trace of the uploaded malware. An updated stinger DAT file will be made available to identify and remove this malware, if found on an ATM. In addition, they are applying the recommended security provisions that are outlined in this release.

The NCR Corporation and Case Financial highly recommend that all ATM owners and operators engage in immediate proactive efforts to arm their deployments with the highest level of security available to thwart these types of malware attacks before they hit the United States. 

NCR Recommendations Delivered by Case Financial 

Key mandatory requirements include:

  • Apply a robust administrator password
  • Ensure AUTORUN has been fully and effectively disabled
  • Deploy Hard Disc Encryption to prevent unauthorized files from being loaded on the ATM
  • Deploy only PCI compliant firmware in the EPP
  • Deploy an effective anti-virus mechanism – NCR recommends active whitelisting applications which go beyond traditional anti-virus programs – specifically the deployment of Solidcore Suite for APTRA.
    • Solidcore Suite is necessary to allow notification alerts to be sent for malware attacks performed when the ATM hard disk is offline. Solidcore Standalone will prevent online attacks.
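
One way to verify the AUTORUN requirement above, as an added example that is not taken from the NCR Security Update or from Case Financial: a read-only PowerShell audit of three standard Windows AutoRun controls. It assumes the ATM runs Windows, and the choice of these three settings is an assumption about what "fully and effectively disabled" should cover.

```powershell
# Added example: read-only audit of Windows AutoRun/AutoPlay settings.
# Assumption: these standard Windows policy values are the relevant ones;
# they are not quoted from the NCR Security Update.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$IniMapKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value is missing
}

function Test-AutoRunDisabled {
    $results = @()

    # 0xFF in NoDriveTypeAutoRun turns AutoRun off for every drive type.
    $mask = Get-RegValue $PolicyKey 'NoDriveTypeAutoRun'
    $results += [pscustomobject]@{
        Check = 'NoDriveTypeAutoRun = 0xFF'
        Value = if ($null -eq $mask) { '<not set>' } else { '0x{0:X}' -f $mask }
        Pass  = ($mask -eq 0xFF)
    }

    # NoAutorun = 1 stops autorun commands from being executed at all.
    $noAutorun = Get-RegValue $PolicyKey 'NoAutorun'
    $results += [pscustomobject]@{
        Check = 'NoAutorun = 1'
        Value = if ($null -eq $noAutorun) { '<not set>' } else { $noAutorun }
        Pass  = ($noAutorun -eq 1)
    }

    # Mapping Autorun.inf to a non-existent location makes Windows ignore
    # autorun.inf files on any media, whatever the policy values say.
    $iniMap = Get-RegValue $IniMapKey '(default)'
    $results += [pscustomobject]@{
        Check = 'IniFileMapping\Autorun.inf = @SYS:DoesNotExist'
        Value = if ($null -eq $iniMap) { '<not set>' } else { $iniMap }
        Pass  = ($iniMap -eq '@SYS:DoesNotExist')
    }
    $results
}

$report = Test-AutoRunDisabled
$report | Format-Table -AutoSize
# Non-zero exit lets a fleet-management job flag the terminal for follow-up.
if ($report.Pass -contains $false) { exit 1 }
```

The script only reads the registry, so it can be run from a remote management session across a fleet without changing terminal state.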

If you are interested in more information about any of the remedies or recommendations seen here, please feel free to contact a member of our team.