Europe's Airport Chaos: Ransomware Grounds the Aviation Industry

September 23, 2025

Travellers across Europe are facing significant delays and disruptions as a ransomware attack on a critical aviation software provider brings manual check-in processes back to major airports. The European Union Agency for Cybersecurity (ENISA) has confirmed that ransomware is behind the ongoing chaos affecting airports from London to Brussels, highlighting the vulnerability of critical infrastructure to cyber attacks.

The Attack Unfolds

The ransomware attack has targeted Collins Aerospace, a US-based company that provides essential check-in and baggage processing software to airports worldwide. Collins Aerospace's ARINC SelfServ cMUSE software is used by airport staff to process traveller check-ins and bag drop functions at some of Europe's busiest airports.

The affected airports include:

  • London Heathrow
  • Berlin Brandenburg
  • Brussels Airport
  • Dublin Airport
  • Cork Airport

Collins Aerospace, owned by defence contractor RTX (which also oversees military contractor Raytheon Intelligence & Space), confirmed the cyber attack on Friday evening, but the full extent and nature of the breach are still being investigated.



The Ripple Effect of Critical System Failure

The attack has forced airport staff to revert to manual operations, creating significant bottlenecks in what are normally streamlined digital processes. At Brussels Airport, the situation became so severe that airlines were asked to cancel nearly half of their Monday flights.

According to FlightAware data:

  • Brussels had 18 flights cancelled (6%) and 23 delayed (8%)
  • Berlin Brandenburg recorded seven cancellations
  • Heathrow experienced six cancellations and 40 delays

Whilst Heathrow has managed to maintain near-normal operations through contingency procedures, other airports have struggled more significantly with the manual processes required to replace the compromised digital systems.



A Textbook Example of Supply Chain Vulnerability

This incident perfectly illustrates how a single point of failure in the technology supply chain can create widespread disruption across multiple organisations and countries. Collins Aerospace's software serves as critical infrastructure for numerous airports, meaning that when their systems are compromised, the effects cascade across the entire European aviation network.

The attack demonstrates several concerning trends in modern cyber warfare:

Critical Infrastructure Targeting: Attackers are increasingly focusing on systems that support essential services, knowing that the pressure to restore operations quickly can lead to ransom payments.

Supply Chain Exploitation: Rather than attacking individual airports, cybercriminals have targeted a shared service provider, maximising their impact with a single breach.

Operational Disruption Over Data Theft: This ransomware attack appears focused on disrupting operations rather than stealing sensitive data, reflecting a shift in attacker priorities towards causing maximum business impact.



Manual Operations: A Temporary Solution

The return to manual check-in processes has provided a stark reminder of how dependent the aviation industry has become on digital systems. Whilst airports have managed to maintain operations through manual procedures, the reduced efficiency is evident in the extended processing times and passenger delays.

Airport authorities are encouraging passengers to use online self-check-in and self-service bag drop systems where possible to reduce the load on manual systems. However, the incident raises questions about contingency planning and whether sufficient manual backup procedures are in place for critical operations.



Industry-Wide Implications

This attack on Collins Aerospace is part of a broader trend of ransomware groups targeting critical infrastructure providers. The aviation industry, with its complex interconnected systems and low tolerance for downtime, presents an attractive target for cybercriminals.

The incident highlights several key vulnerabilities in the aviation sector:

Concentration Risk: When multiple airports rely on the same software provider, a single attack can cause widespread disruption.

Legacy Systems: Aviation systems often run on older technologies that may not have been designed with modern cybersecurity threats in mind.

Operational Pressure: The aviation industry's need for continuous operation creates pressure to restore systems quickly, potentially making organisations more likely to pay ransoms.



The Path Forward

As the industry works to recover from this latest attack, several lessons emerge for aviation organisations and their technology providers:

Diversification: Airports and airlines should consider diversifying their technology providers to reduce single points of failure.

Enhanced Security Requirements: Procurement processes should include rigorous cybersecurity assessments of critical software providers.

Improved Contingency Planning: Manual backup procedures must be regularly tested and updated to ensure they can handle extended outages.

Information Sharing: Better coordination between airports, airlines, and security agencies can help identify and respond to emerging threats more quickly.



No End in Sight

At the time of writing, there is no clear timeline for when Collins Aerospace's systems will be fully restored. Brussels Airport has stated that "it is still unclear when the issue will be resolved," whilst affected airports continue to operate with reduced capacity and extended processing times.

The lack of a claimed responsibility for the attack adds another layer of uncertainty to the situation. Without knowing the specific ransomware group involved or their demands, it's difficult to predict how long the disruption will continue.




Is Your Organisation Ready?

Whether you operate in aviation or any other critical sector, the Collins Aerospace attack demonstrates how quickly cyber threats can disrupt operations and affect thousands of people. Are your systems and supply chain partners adequately protected?

At Altiatech, we specialise in cybersecurity solutions for organisations that cannot afford downtime. Our comprehensive approach includes:

Critical Infrastructure Protection: Specialised security measures for systems that support essential operations

Supply Chain Security: Assessment and monitoring of third-party providers who could impact your operations

Ransomware Defence: Multi-layered protection strategies designed to prevent, detect, and respond to ransomware attacks

Business Continuity Planning: Detailed procedures to maintain operations when primary systems are compromised

24/7 Monitoring: Continuous oversight of your security environment to detect and respond to threats before they cause disruption


Don't wait for a cyber attack to test your resilience. Contact Altiatech today to ensure your critical systems remain operational when others are forced offline.

Get in touch:


Because when critical infrastructure fails, the consequences extend far beyond IT systems—they affect real people, real journeys, and real business operations. Let us help you stay operational when others cannot.

Identity Governance Maturity: Assessing Where Your Organisation Stands

December 22, 2025
Identity and access management represents a critical security capability, yet many organisations struggle to assess whether their IAM implementation is truly effective. Identity governance maturity models provide a framework for evaluation, revealing gaps and priorities for improvement.

Zero Trust Security: Moving Beyond Perimeter Defence in Hybrid Work Environments

December 15, 2025
Traditional security models assumed everything inside the corporate network was trustworthy, focusing defensive efforts on the perimeter. This approach fails catastrophically in today's hybrid work environment where employees access resources from homes, coffee shops, and co-working spaces whilst applications reside across multiple clouds.
Microsoft logo on a wood-paneled wall, with colorful squares and company name.

Microsoft 365: Major Licensing Changes Coming in 2026

December 10, 2025
Microsoft is introducing major Microsoft 365 licensing changes in 2026. Learn what’s changing, who is affected and how businesses should prepare.

The Real Cost of Cloud Waste: How UK Organisations Are Losing Thousands Monthly

December 8, 2025
Cloud computing promised cost savings through pay-per-use models and elastic scaling. Yet many UK organisations discover their cloud bills steadily increasing without corresponding business growth. The culprit? Cloud waste - unnecessary spending on unused or inefficiently configured resources.

Zendesk Users Targeted with Sophisticated Support Platform Attack

November 28, 2025
A threat group known as Scattered Lapsus$ Hunters is targeting Zendesk users through a sophisticated campaign involving fake support sites and weaponised helpdesk tickets, according to security researchers at ReliaQuest. The operation represents an evolution in how cybercriminals exploit trust in enterprise SaaS platforms.

AWS Introduces DNS Failover for US East Region—Acknowledging Its Reliability Problem

November 28, 2025
Amazon Web Services has launched a new feature allowing customers to make DNS changes within 60 minutes during service disruptions in its US East (N. Virginia) region. The announcement tacitly acknowledges what many have long observed: AWS's largest and most critical region has a reliability problem.

Two Years After Ransomware Attack, Scottish Council Still Rebuilding Systems

November 28, 2025
A Scottish council remains unable to fully restore critical systems two years after a devastating ransomware attack, highlighting the long-term consequences of inadequate cybersecurity preparation and the challenges facing resource-constrained local authorities.  Comhairle nan Eilean Siar, serving Scotland's Western Isles, suffered a ransomware attack in November 2023 that required extensive system reconstruction. According to a report published by Scotland's Accounts Commission, several systems remain unrestored even now, with large data volumes slowing the digital recovery process.

Windows 10 End-of-Life: Your Complete Migration Strategy for 2026

November 26, 2025
Ready to migrate from Windows 10? Contact Altiatech for a comprehensive migration assessment and strategy tailored to your organisation's needs.

CISA Warning: Commercial Spyware Actively Targeting Messaging App Users

November 25, 2025
The Cybersecurity and Infrastructure Security Agency has issued an alert warning that multiple cyber threat actors are actively leveraging commercial spyware to target users of mobile messaging applications including Signal and WhatsApp. The sophisticated campaigns use advanced social engineering and exploit techniques to compromise victims' devices and gain unauthorized access to their communications.

Microsoft's AI Agents in Windows: What Businesses Need to Know About Copilot Actions

By fahd.zafar November 24, 2025
Microsoft has introduced experimental AI agent capabilities into Windows through Copilot Actions and agent workspaces, features designed to automate everyday tasks like organising files, scheduling meetings, and sending emails. However, the announcement comes with significant security warnings that business leaders and IT administrators must understand before enabling these capabilities.