- A ransomware attack on a key supplier has halted check-in and boarding at several European airports.
- ENISA confirmed the ransomware; there is no official attribution yet.
- Brussels canceled 140 of 276 flights in one day, according to AP; there were widespread delays.
- NCA arrested a suspect in the UK and the NCSC is coordinating with airports and Collins Aerospace.
Several European airports suffered operational interruptions after a ransomware attack compromised check-in and boarding software used by multiple airlinesThe incident forced the activation of manual procedures, with Long queues, delays and cancellations at busy terminals, leaving many passengers without access to public Wi-Fi networks.
The European Union Agency for Cybersecurity (ENISA) confirmed that it was ransomware against the supply chain, affecting the airport ecosystem through an external provider. The scene It was repeated in airports such as Brussels, London-Heathrow, Berlin and Dublin, with thousands of passengers having to manage their procedures without digital support.
What has happened and who is affected
El The incident focused on Collins Aerospace systems. (a subsidiary of RTX), a provider of critical solutions for the sector, including the environment of MUSE/ARINC cMUSE check-in and boarding shared by several airlines at counters and gates. By being shut down, many airports lost basic passenger and baggage processing capabilities.
This case illustrates a known risk: A single vulnerable link in a supplier can trigger a far-reaching domino effect.Reliance on centralized platforms streamlines operations in normal times, but in the event of a cyber incident, the impact is multiplied in a matter of hours.
- Main terminals affected: Brussels, London Heathrow, Berlin y Dublin, with variable impacts.
- Operation degraded: check-in, baggage dispatch and boarding They switched to manual processes.
- Authorship: no official attribution to date, with open investigation.
Delays, cancellations and status of operations
With digital systems down, Airlines had to resort to paper lists, manual checks and increased staffingThe result was long waits and rescheduling which extended from the weekend to the following days.
Brussels was one of the hardest hit areas: According to the AP agency, the airport was forced to cancel 140 of 276 flights in a single day, in addition to accumulating delays in the rest of the scheduled operations.
In the United Kingdom, Heathrow advised travelers to check their flight status before arriving at the terminal.While Berlin reported reduced but sustained operations with fewer cancellations thanks to contingency measures. In Dublin also saw billing incidents and boarding, although with a smaller scope than in Belgium.
Collins Aerospace reactivated its platform at the beginning of the week and Operators continue to gradually restore servicesHowever, some terminals have warned of possible setbacks in the short term while flows stabilize and pending data is validated.
Investigation and response of the authorities
ENISA has corroborated the nature of the incident and insists that There is no confirmed attribution to any groupThe investigation remains active, with information being exchanged between regulators, law enforcement, and the private sector.
In the United Kingdom, The National Crime Agency (NCA) arrested a man in his 40s in West Sussex in connection with the case.The suspect was released on bail while the investigation continues, which is still in its early stages, according to the National Cybercrime Unit.
El The British National Cyber Security Centre (NCSC) confirmed its cooperation with Collins Aerospace., affected airports, and the Department of Transportation to assess the scope of the attack, restore capabilities, and strengthen resilience to similar incidents.
Since there is no official attribution, specialized media have mentioned various hypotheses about possible actors, but, as a precaution, the Authorities insist that all speculation should be taken with caution. until conclusive evidence is obtained.
Ransomware encrypts systems or blocks access to data and demands payment to release it; sometimes, it adds the threat of information leakage. The trend is worrying: In the first half of 2024, more than 2.500 attacks were recorded. on a global scale, which underscores the need for multi-factor authentication, isolated backups and ongoing staff training, as well as How to join a secure Wi-Fi network.
This incident exposes how an attack on a critical service provider can disrupt operations at multiple airports at onceThe combination of shared platforms, technological dependence, and high passenger volume makes the airport ecosystem an attractive target for cybercrime and requires well-rehearsed contingency plans.
I am a technology enthusiast who has turned his "geek" interests into a profession. I have spent more than 10 years of my life using cutting-edge technology and tinkering with all kinds of programs out of pure curiosity. Now I have specialized in computer technology and video games. This is because for more than 5 years I have been writing for various websites on technology and video games, creating articles that seek to give you the information you need in a language that is understandable to everyone.
If you have any questions, my knowledge ranges from everything related to the Windows operating system as well as Android for mobile phones. And my commitment is to you, I am always willing to spend a few minutes and help you resolve any questions you may have in this internet world.