The attack targeted a popular check-in software called Muse, provided by US software maker Collins Aerospace
A cyberattack on a US software provider has caused significant disruption across several of Europe’s busiest airports, with the EU’s cybersecurity agency confirming that criminals used ransomware to paralyse automatic check-in and boarding systems.The attack, discovered late on Friday, has led to days of delays and flight cancellations. The European Union Agency for Cybersecurity, ENISA, told Reuters that the “type of ransomware has been identified” and that law enforcement is now involved in the investigation.
Widespread Delays & Cancellations
The disruption has been felt at major hubs, including London Heathrow, Brussels Airport, and Berlin Airport.Internal communications from Heathrow staff, seen by the BBC, show that airlines were urged to continue using manual check-in and boarding workarounds as recovery efforts were ongoing. By Sunday, the airport confirmed that about half of its airlines, including British Airways, had restored some form of service.
However, the impact remained severe at other locations. Brussels Airport cancelled nearly 140 of its scheduled flights for Monday, while a Berlin Airport spokesperson stated that some airlines were still forced to board passengers manually with no clear timeline for a return to normal operations.
Hackers Re-entered Systems During Recovery
The attack targeted a popular check-in software called Muse, provided by US software maker Collins Aerospace. While the company has been referring to the event as a “cyber incident” and offered few public details, an internal memo sent to Heathrow staff paints a more vivid picture.The note indicates that more than a thousand computers may have been “corrupted” by the malicious software and that recovery work is largely being done in person, not remotely. Most critically, the memo reveals that hackers were able to re-enter the system after Collins had rebuilt and relaunched its services. In separate advice, the company reportedly told airline staff not to turn off computers or log out of the Muse software if they were still logged in.
Aviation Sector a Growing Target
The incident highlights the growing threat of ransomware, a prolific problem for organisations globally.In April, UK retailer Marks and Spencer was hit by an attack that cost at least EUR 400m to recover from. According to a recent report by French aerospace company Thales, cyberattacks in the aviation sector have increased by 600 per cent over the past year.
While Collins Aerospace stated on Monday morning that it was in the “final stages” of completing software updates to resolve the issue, the incident serves as a stark reminder of the vulnerability of interconnected critical infrastructure to a single point of failure. The UK’s National Cyber Security Centre said it is working with affected airports, the Department for Transport, and law enforcement to fully understand the impact.
