The European Union Agency for Cybersecurity (ENISA) has confirmed that ransomware was behind a major cyberattack that disrupted check-in and boarding systems at several of Europe’s busiest airports. The attack, discovered on Friday, forced airlines to rely on manual workarounds, delaying flights and causing widespread disruption.
ENISA said on Monday that the type of ransomware used had been identified and law enforcement agencies were investigating. The malicious software scrambled automated check-in systems, leaving airports scrambling to restore normal operations.
Cybersecurity experts say criminal gangs often use ransomware to cripple systems and then demand bitcoin payments to reverse the damage. While the perpetrators of this attack remain unknown, the scale highlights growing risks to global aviation security.
Disruption at Heathrow, Berlin, and Brussels Airports
Heathrow Airport reported on Sunday that most flights were still operating, though many passengers faced delays. Internal crisis memos seen by the BBC showed staff were urged to continue manual boarding and check-in procedures until systems were restored.
British Airways, one of the airlines heavily impacted, switched to a backup system on Saturday. By Sunday, about half of the airlines flying from Heathrow were back online in some form.
Brussels Airport asked airlines to cancel nearly 140 of its 276 scheduled outbound flights on Monday, while Berlin Airport confirmed some airlines were still boarding passengers manually with no clear timeline for full recovery.
Collins Aerospace Software Targeted
The cyberattack was aimed at Muse, a widely used check-in software developed by US-based Collins Aerospace. The company acknowledged the incident but has so far referred to it only as a “cyber incident.”
An internal memo seen by the BBC revealed that more than a thousand computers may have been corrupted, requiring manual restoration. After Collins attempted to relaunch its systems, it discovered that hackers were still inside, complicating recovery efforts.
Rising Cyber Threats to Aviation
Ransomware attacks are becoming a growing challenge for the aviation industry. According to French aerospace company Thales, cyberattacks targeting the sector have increased by 600% in the past year.
In April, UK retailer Marks & Spencer also suffered a ransomware attack that caused at least £400 million in losses. Cybercrime gangs are believed to earn hundreds of millions annually from such attacks, making them a persistent global threat.
The UK’s National Cyber Security Centre said it is working with Collins Aerospace, affected airports, the Department for Transport, and law enforcement to assess the impact of the incident and strengthen defenses.
