Police in Thailand have issued a warrant for the arrest of a Russian man wanted in connection with a $350,000 jackpotting malware attack on cash machines belonging to state-run Government Savings Bank.
Rustam Shambasov, 29, who has already left the country, is one of seven suspects wanted in connection with the one-week exploit that saw 21 NCR ATMs across the country emptied to the tune of 12 million baht.
GSB, which shut down almost half of its network of 7000 ATMS upon discovering the infection, reported that the robbers loaded malware onto each machine that reprogrammed them to dispense banknotes.
Researchers at FireEye have tied this - and other attacks - to a new malware strain dubbed Ripper, which the company claims targets three of the main ATM Vendors worldwide.
It says that Ripper begins to rewire the infected ATM upon insertion of a specially manufactured card with an EMV chip that serves as the authentication mechanism.
"This malware family can be used to compromise multiple vendor platforms and leverages uncommon technology to access physical devices," states the company. "In addition to requiring technical sophistication, attacks such as that affecting the ATMs in Thailand require coordination of both the virtual and the physical. This speaks to the formidable nature of the thieves."