Europe’s busiest airports are still struggling to restore normal operations on Monday after a suspected ransomware attack on a U.S. aviation technology provider crippled check-in systems in London, Brussels, Berlin and Ireland.

The attack targeted Collins Aerospace, a subsidiary of defense giant RTX, whose vMUSE self-service software is used for passenger check-in, baggage tagging and boarding. The disruption, which began Friday night, forced thousands of travelers into long lines at manual counters and led to hundreds of flight delays and cancellations over the weekend.

The European Union's cybersecurity agency, ENISA, said Monday that the disruptions were caused by a “third-party ransomware incident.” The agency said it identified the type of ransomware but declined to publicly specify it. The threat actor remains unknown. 

Brussels Airport asked airlines to cancel nearly half of Monday’s departures, warning that the outage continued to have a “large impact on the flight schedule.” Dublin Airport said some airlines were still issuing bag tags and boarding passes manually, cautioning passengers that check-in and bag drop would take longer than usual.

London’s Heathrow Airport said the “vast majority of flights” operated on Sunday and Monday, but Collins’ systems were still being restored. British Transport Minister Heidi Alexander said in a post on X that she was receiving regular updates and monitoring the situation.

In Berlin, disruption had eased by Sunday, according to local media reports, though passengers continued to face delays as the airport warned of “longer waiting times” and urged travelers to use online check-in before arriving.

RTX told Reuters the cyberattack’s impact was “limited to electronic customer check-in and baggage drop” and stressed that manual systems provided a workaround. Collins Aerospace said Monday it was in the “final stages” of software fixes.

Collins Aerospace and RTX have not replied to requests from Recorded Future News for comment.

The aviation sector has faced a string of cyber incidents in recent months. Last week, one of Russia’s busiest airports said its website was knocked offline in a cyberattack. In July, Australian airline Qantas disclosed a breach that exposed customer data.

U.S. law enforcement has previously warned that the Scattered Spider cybercrime group has been targeting airlines, including Hawaiian Airlines and Canada’s WestJet.