New CryptoPro Vulnerabilities Raise Concerns Over ATM and Enterprise Security
What happened
Security researcher Matt Burch, principal security researcher at Atredis Partners, has identified nine vulnerabilities in CryptoPro Secure Disk, a full-disk encryption and pre-boot authentication solution used in both enterprise Windows environments and some ATM security implementations. Burch is scheduled to present his findings at Black Hat USA 2026.
According to the research, the flaws could allow an attacker with physical access to bypass encryption protections, recover cryptographic keys, execute unauthorized code during the pre-boot process, and potentially carry out ATM “jackpotting” attacks that force machines to dispense cash.
The findings have sparked disagreement between Burch and ATM manufacturer Diebold Nixdorf. While Burch argues the vulnerabilities could be leveraged against ATM systems that rely on CryptoPro, Diebold maintains that the issues present little to no additional real-world risk to its ATMs. The company acknowledged that two of the reported vulnerabilities were theoretically applicable under certain conditions and said they were addressed in a software update released in December 2025.
Who is affected
The vulnerabilities primarily affect organizations using CryptoPro Secure Disk to protect Windows systems, as well as ATM vendors and financial institutions that incorporate the software into their security stack.
Although the exact impact on Diebold Nixdorf ATMs remains disputed, the research highlights broader risks for organizations relying on full-disk encryption. CryptoPro claims its software has been deployed across more than 500,000 systems spanning multiple industries, meaning the findings could extend beyond the banking sector.
Why CISOs should care
The research serves as a reminder that encryption alone does not guarantee security. Weak key management, insecure boot processes, or improperly protected recovery mechanisms can undermine otherwise strong cryptographic controls.
For financial institutions, the findings reinforce the importance of securing both software and physical hardware. Attackers increasingly combine physical access with software vulnerabilities to bypass security controls. More broadly, enterprise security teams should review how encryption products store sensitive keys and whether pre-boot authentication mechanisms can be tampered with.
Even where vendors dispute exploitability, independently disclosed vulnerabilities provide an opportunity to validate security assumptions and confirm that deployed systems have received the latest updates.
3 practical actions
Review whether CryptoPro Secure Disk or similar encryption software is deployed across Windows endpoints and ATM infrastructure.
Verify that affected systems have received all available vendor updates and security patches, especially those addressing pre-boot authentication.
Assess encryption implementations for secure key storage, boot integrity, and physical security controls to reduce the risk of bypass attacks.


