24-09-25 – Update – A man has been arrested in connection with the ransomware attack causing disruptions across several of Europe’s busiest airports.
The man was arrested on Tuesday evening on suspicion of Computer Misuse Act offences. He has since been released on bail.
“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said Paul Foster, head of the national cybercrime unit at the UK’s National Crime Agency (NCA).
Travelers in Europe have been hit with disruptions, delays, and cancellations after a digital check-in system was hit by a confirmed ransomware attack.
Over the weekend, several of Europe’s busiest airports confirmed a cyber-attack had disrupted check-in and baggage systems, leading to long queues.
The European Union Agency for Cybersecurity confirmed on Monday that a ransomware attack had hit automated check-in systems delivered by Collins Aerospace, owned by RTX.
The attack has affected dozens of flights and caused disruptions to thousands of passengers across the EU since Friday.
London Heathrow, Brussels Zaventem, Berlin Brandenburg and Dublin Airport have confirmed they have been impacted to some degree by the attack.
“We are working with Collins Aerospace and affected UK airports, alongside Department for Transport and law enforcement colleagues, to fully understand the impact of an incident,” a spokesperson at the UK’s National Cyber Security Centre said.
“All organisations are urged to make use of the NCSC’s free guidance, services and tools to help reduce the chances of a cyber attack and bolster their resilience in the face of online threats.”
The attack reportedly targeted the popular Muse check-in software, which is used by many airlines to automate check-in, baggage tagging and boarding pass authentication across different desks and gates in the airport.
One passenger told Reuters the boarding process had to be undertaken manually, including the use of a ‘handwritten’ boarding pass.
A Brussels Airport spokeswoman told VRT news that check-in desk staff were resorting to laptops, pen, and paper in order to check passengers in. Online check-in was not affected.
Belgium news site VRT News reported that while disruption was still being felt, the “vast vast majority of flights are operating as normal.”
BBC News said on Monday that around half of the airlines flying in from Heathrow were back online by Sunday.
“Following a cyberattack on the American company Collins Aerospace, the external provider of check-in and boarding systems, there are disruptions to check-in operations at several European airports,” Brussels Airport said in a statement.
“The service provider is actively working on the issue and trying to resolve the problem as quickly as possible. At the moment it is still unclear when the issue will be resolved.”
It’s currently unknown who is behind the attack, the extent of the ransomware’s impact or how the attack began.
Due to the nature of targeting critical infrastructure in the EU, some have speculated the attack could have been linked to Russian hacker groups. There is no evidence so far to confirm this.
“After the flagrant violation of Estonian airspace, the government needs to urgently establish if Vladimir Putin is now attacking our cyber systems,” said Calum Miller, the foreign affairs spokesman at the UK’s Liberal Democrat party.
Collins Aerospace is a US-based company, which has recently been awarded a NATO contract for an ‘electromagnetic warfare command and control system.’
This contract is not connected to the attack but demonstrates the company’s role in sensitive defense work.
In a statement to AP News, the company said it is “actively working to resolve the issue and restore full functionality to our customers as quickly as possible. The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations.”
Why This Matters
Supply chain ransomware attacks have become increasingly common. This attack demonstrates how a single piece of software can become a point of failure in a much bigger network.
One software vendor being impacted can have continent-wide ramifications. Operational resilience for supply chains is critical.
This also continues a major trend of increased cyber-attacks on the aviation space. The aviation sector has seen a 600% increase in attacks since last year, with 27 major attacks by 22 ransomware groups between January 2024 and April 2025, according to Thales.
Aviation relies on digital software, and disruptions to travel logistics can cost millions in lost revenue and productivity.
Read More
- EU agency confirms ransomware attack behind airport disruptions
- EU cyber agency says airport software held to ransom by criminals
Cyberattack on European airports caused by ransomware, EU finds
