Airport Chaos: A Single Ransomware Attack Cripples European Air Travel

The European Union Agency for Cybersecurity (ENISA) has reported that disruptions across several European airports over the weekend were caused by a targeted ransomware attack against the U.S.-based provider of check-in and boarding systems, Collins Aerospace.

Attackers struck the MUSE platform, a shared system used by multiple airlines to allocate check-in counters and boarding gates — a dependency that explains the wide-reaching regional impact of the incident.

According to Brussels authorities, the attack began overnight on Friday, September 19, crippling automated processes at major aviation hubs including London Heathrow, Brussels, and Berlin Brandenburg. Ireland’s airports in Cork and Dublin also reported issues, albeit on a smaller scale. The fallout was significant: more than one hundred flights were delayed or cancelled, and thousands of passengers were forced to obtain boarding passes manually, dramatically increasing the burden on ground staff and disrupting terminal logistics.

Collins Aerospace is currently working to restore operations and bring systems back online at affected airports, while law enforcement agencies have launched investigations. In the UK, the National Cyber Security Centre (NCSC) is coordinating with operators and transport authorities to assess the scale of damage and prevent further escalation.

ENISA experts have confirmed the ransomware nature of the incident, noting that the attack vector involved encrypting or disabling services while demanding payment to restore access and halt potential data leaks.

The consequences extended beyond flight delays — the loss of automated systems for check-in and gate assignments heightened the risk of scheduling errors and complicated emergency responses to traffic changes.

Airline operators have urged passengers to verify flight status in advance, while regulators and industry bodies are ramping up oversight of critical infrastructure providers. The incident underscores how a single point of failure in an external vendor can trigger cascading disruptions across the entire air travel network.

The NCSC has advised organizations to leverage its free resilience guides and toolkits to strengthen defenses against similar ransomware campaigns and reduce the likelihood of recurrence.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy