EU agency ENISA says ransomware attack behind airport disruptions

The EU cybersecurity agency ENISA confirmed that airport check-in disruptions were caused by a cyberattack, and law enforcement is investigating.

A cyber attack on Collins Aerospace disrupted check-in and boarding systems at major European airports, heavily impacting Heathrow, Brussels, and Berlin. The outage caused numerous flight delays and cancellations, forcing manual operations.

Collins Aerospace is a major American company specializing in aviation and defense technologies, and is a subsidiary of RTX (formerly Raytheon Technologies). The company provides advanced systems for commercial, business, and military aircraft, including avionics, interiors, mission systems, and power controls. Collins also delivers integrated solutions for airports, space exploration, and operational efficiency, supporting both passenger safety and complex mission success. The attack has affected Collins’ Muse software

The incident began on Friday night, and the personnel at several airports were forced to switch to manual procedures, leading to long queues and widespread delays. Thousands of passengers were left stranded or waiting for hours.

“We have become aware of a cyber-related disruption to our Muse software in select airports. We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible.” said RTX said in a statement. “The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations. We will share more details as they are available.”

The European Union’s cybersecurity agency ENISA confirmed that the cyber attack caused disruptions of operations at several European airports over the weekend. The European cybersecurity agency confirmed that a third-party services provider suffered a ransomware incident. The agency confirmed that law enforcement are investigating the incident.

“The type of ransomware has been identified. Law enforcement is involved to investigate,” reads the statement issued by ENISA.

Berlin Airport operations stayed disrupted on Monday, affecting travelers, including participants of the Berlin Marathon.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, airport disruptions)