Ransomware Attack Disrupts Airport Check-In Systems Across Europe

Key Takeaways

• Ransomware Attack: A cyberattack on Collins Aerospace’s Muse software disrupted check-in and boarding systems at major European airports, forcing manual workarounds.
• Airports Affected: Heathrow, Brussels, and Berlin faced delays and cancellations, with Brussels canceling nearly half its outbound flights on Monday.
• ENISA Confirmation: The EU’s cybersecurity agency told the BBC and Reuters that the ransomware strain was identified and law enforcement is investigating.
• Recovery Efforts: Collins Aerospace described the event as a “cyber incident” and said it is finalizing software updates but has not given a timeline for full restoration.
• Wider Trend: Aviation has seen cyberattacks rise by 600% in the past year, highlighting growing risks to critical infrastructure.

Deep Dive

A ransomware attack against a widely used airport software system has thrown check-in and boarding operations into turmoil across Europe, with authorities confirming that several major hubs are still working to restore normal service.

The European Union Agency for Cybersecurity (ENISA) confirmed to the BBC that ransomware was responsible for the outage. In a statement to Reuters, the agency added that the strain had been identified and that law enforcement agencies are now investigating.

The disruption traces back to Collins Aerospace’s “Muse” software, which powers passenger check-in and boarding across multiple airports worldwide. Internal crisis communications from Heathrow, obtained by the BBC, warned that more than a thousand computers may have been corrupted and that recovery work was being done in person rather than remotely. Collins reportedly attempted to rebuild its systems, only to discover attackers were still inside the network.

Airports in London, Berlin, and Brussels experienced varying levels of disruption over the weekend. Heathrow confirmed that most flights continued to operate but said airlines had to use manual procedures. By Sunday, British Airways and several other carriers had resumed partial electronic operations using backup systems. Brussels Airport, facing the most severe disruption, canceled nearly half of its outbound flights scheduled for Monday.

Collins Aerospace Response
Collins has not explained the full scope of the incident, describing it only as a “cyber incident.” On Monday, the company said it was finalizing software updates but did not provide a timeline for full restoration. Advisories to airlines also instructed staff not to log out of the Muse system if they were already connected, underscoring the fragility of recovery efforts.

The incident highlights the aviation sector’s growing exposure to ransomware. A report by aerospace company Thales found cyberattacks in aviation have surged 600% in the past year.

The UK’s National Cyber Security Centre said it was working with Collins Aerospace, affected airports, the Department for Transport, and law enforcement to assess the impact. Experts warn that ransomware gangs increasingly view aviation as a high-value target, with disruptions rippling across borders and magnifying their leverage.

Earlier this year, British retailer Marks & Spencer suffered a ransomware attack costing at least £400 million in recovery expenses. Analysts caution that airports and airlines face even greater stakes, where operational paralysis can create both financial and safety risks.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.