Cyber Chaos Across Airports
The European Union Agency for Cybersecurity (ENISA) has confirmed that a ransomware attack targeting global airport systems has disrupted operations across Europe. The attack, first detected late last week, scrambled check-in and boarding systems, forcing airlines to rely on manual processes while technicians worked to restore software functionality.
Airports in London, Berlin, and Brussels were among the hardest hit. At Heathrow, internal communications urged staff to continue using manual boarding and check-in methods as systems were slowly restored. While the majority of flights continued to operate, passengers faced significant delays and cancellations over the weekend.
Collins Aerospace Under Fire
Investigators have traced the disruption to Collins Aerospace’s Muse software, widely used by airlines for automated passenger processing. The cyberattack corrupted thousands of computers linked to the system, and staff were advised not to log out or reboot machines already running Muse. Collins Aerospace, describing the event only as a “cyber incident,” said it was finalizing software updates but has not clarified how long recovery efforts will take.
According to internal memos, Collins rebuilt its system after the initial breach, only to find that hackers were still inside, forcing additional resets. The persistence of the attack highlights the sophistication of the criminal group behind it. While attribution remains uncertain, ransomware gangs typically demand payment in cryptocurrency to reverse the damage.
Passenger Impact and Flight Cancellations
Brussels Airport reported one of the most severe impacts, with nearly half of its outbound flights canceled on Monday. Berlin Airport also faced extended disruption, continuing to board passengers manually with no clear timeline for full resolution. Heathrow, while stabilizing faster, still had major carriers such as British Airways relying on backup systems to manage passenger flows.
Despite widespread inconvenience, aviation officials stressed that safety was not compromised. However, with manual operations replacing automated systems, efficiency dropped dramatically. Passengers were urged to check flight statuses before traveling, as delays remained possible.
Rising Cyber Threats to Aviation
The attack underscores growing vulnerabilities in the aviation sector. According to cybersecurity firm Thales, cyberattacks in aviation have surged by 600% in the past year, with organized crime groups increasingly targeting critical infrastructure.
ENISA confirmed that law enforcement agencies are investigating the ransomware strain used in the airport attack. Meanwhile, the UK’s National Cyber Security Centre has been working with Collins Aerospace, affected airports, and government agencies to assess the full scale of the damage.
The incident follows a broader trend of costly ransomware assaults. Earlier this year, UK retailer Marks and Spencer faced recovery costs exceeding £400 million after a similar attack. The scale of the airport disruption, spanning multiple countries, signals that aviation is now firmly in the crosshairs of cybercriminal networks.