BERLIN, Sept 22 (Reuters) – Europe’s busiest airports faced significant disruptions in recent days after a ransomware attack targeted automated check-in systems, the European Union’s cybersecurity agency confirmed on Monday. The incident underscores the growing vulnerability of critical infrastructure to cyberattacks, with thousands of passengers affected and dozens of flights delayed or canceled.
According to the EU Agency for Cybersecurity (ENISA), the attack involved malicious software designed to lock up data until a ransom is paid. While the agency did not disclose the origin of the ransomware, authorities have launched investigations, with law enforcement agencies actively involved.
The affected systems were provided by Collins Aerospace, a subsidiary of RTX (RTX.N), which supplies technology for automated airport check-in and boarding. Disruptions began on Friday and continued into Monday at major hubs including London Heathrow, Brussels, and Berlin airports.
Impact on Airlines and Passengers
At London Heathrow, Europe’s busiest airport, airlines implemented contingency measures to manage passenger flow while Collins Aerospace worked to restore full functionality. Heathrow spokespersons emphasized that operational teams were coordinating closely with the technology provider to minimize further delays.
Berlin Airport, which experienced higher passenger volumes due to the Berlin Marathon, faced delays of more than an hour. Passengers described the boarding process as reminiscent of the early days of commercial aviation, relying on handwritten boarding passes due to system outages.
Brussels Airport also faced significant disruptions. The airport relied on iPads and laptops to manually check in passengers, but about 60 flights out of 550 scheduled departures and arrivals were canceled. Data from aviation analytics firm Cirium indicated that only 42% of flights departed within one hour of their scheduled times, highlighting the ongoing operational strain. Dublin Airport reported minimal impact, thanks to preemptive manual processes and contingency planning.
Read More: Optus Links Emergency Call Outage in Australia to Process Failures
Ransomware Threats on the Rise
Ransomware attacks have increasingly targeted high-profile organizations, as cybercriminals seek attention and financial gain. Rafe Pilling, director of threat intelligence at British cybersecurity firm Sophos, noted that while the visibility of disruptive attacks in Europe has increased, the overall frequency of large-scale incidents remains relatively low.
“Truly large-scale, disruptive attacks that spill into the physical world remain the exception rather than the rule,” Pilling told Reuters. However, he emphasized that targeting high-profile victims amplifies the consequences, particularly when attacks affect essential services like aviation.
A survey of 1,000 companies by German industry group Bitkom found that ransomware is now the most common form of cyberattack, with one in seven companies admitting to paying a ransom to regain access to their data. This trend highlights the growing challenge organizations face in defending against increasingly sophisticated cyber threats.
Collins Aerospace Response
Collins Aerospace confirmed it was collaborating with the affected airports to restore operations. The company indicated that updates were in the final stages of deployment to fully reinstate automated check-in services.
Airlines and airports have adapted by implementing manual check-in processes and adjusting staffing levels to mitigate the impact on travelers. These efforts are critical in preventing cascading delays that can ripple across international flight schedules.
Broader Implications for Critical Infrastructure
The incident serves as a stark reminder of the vulnerabilities inherent in digital systems that underpin essential services. Airports rely heavily on automated technologies for efficiency and safety, and a single cybersecurity breach can disrupt operations, cause financial losses, and inconvenience thousands of passengers.
Cybersecurity experts warn that as infrastructure becomes increasingly digitized, the risk of ransomware and other cyberattacks will continue to grow. Governments and private companies are urged to enhance security protocols, conduct regular system audits, and develop robust incident response plans.
“Airports and airlines are critical national assets,” Pilling said. “Securing these systems is not just about protecting data—it’s about safeguarding the economy and public safety.”
Recent Cyberattacks on Industry
The aviation sector is not alone in facing cyber threats. Recent months have seen a wave of ransomware attacks targeting various industries, including automotive and manufacturing. Luxury carmaker Jaguar Land Rover temporarily halted production after a cyberattack disrupted operations, illustrating how ransomware can extend beyond digital environments and impact physical production.
The trend toward targeting high-profile organizations reflects the strategic goals of cybercriminals. Larger, well-known victims can draw media attention, increase pressure on companies to pay ransoms, and maximize financial gain. While the frequency of such attacks is not necessarily increasing, their potential impact continues to escalate.
Passenger Experience and Operational Challenges
For passengers, the ransomware attack translated into long queues, delayed departures, and in some cases, canceled flights. At Brussels Airport, manual check-in processes caused bottlenecks, while Berlin Airport reported significant delays due to the reliance on traditional paper-based boarding procedures.
Despite these challenges, airports worked quickly to implement contingency plans. Staff were redeployed to assist travelers, temporary check-in counters were set up, and airlines adjusted flight schedules where possible. These measures helped mitigate disruptions but highlighted the need for more resilient systems in the face of cyber threats.
Future Preparedness and Cybersecurity Measures
The recent events underscore the importance of robust cybersecurity measures for airports and critical infrastructure providers. Experts recommend a multi-layered approach, including regular software updates, network segmentation, employee training, and incident response planning.
Investments in cybersecurity are no longer optional. As automation and digital technologies continue to advance, airports must anticipate potential threats and develop strategies to ensure continuity of operations during cyber incidents.
ENISA’s confirmation of the ransomware attack is likely to prompt additional scrutiny across the sector, with regulators and operators reviewing current security practices. Collaborative efforts between governments, industry stakeholders, and cybersecurity firms are essential to enhance resilience and prevent similar disruptions in the future.
Frequently Asked Questions
What caused the recent disruptions at European airports?
A ransomware attack on automated check-in systems provided by Collins Aerospace led to widespread delays and cancellations.
Which airports were affected by the attack?
Major airports impacted include London Heathrow, Brussels Airport, Berlin Airport, and, to a lesser extent, Dublin Airport.
How long are flight operations expected to be disrupted?
While some airports have partially restored services, full recovery depends on completing system updates and ongoing cybersecurity investigations.
What is ransomware and how does it work?
Ransomware is malicious software that locks access to data until a ransom is paid, often targeting high-profile organizations.
Are passengers safe despite the cyberattack?
Yes, airport operations continue with contingency measures, and there have been no reported safety incidents related to the attack.
How are airlines managing the disruptions?
Airlines have implemented manual check-in processes, adjusted staffing, and coordinated with airports to minimize delays and cancellations.
What measures are being taken to prevent future attacks?
Airports and suppliers are enhancing cybersecurity protocols, performing system updates, and collaborating with law enforcement to strengthen defenses.
Conclusion
The ransomware attack on Europe’s major airports highlights the increasing threat cybercrime poses to critical infrastructure. Disruptions to automated check-in systems affected thousands of passengers and dozens of flights, emphasizing the urgent need for robust cybersecurity measures. As airports and airlines work to restore full operations, the incident underscores the importance of proactive defense strategies, contingency planning, and collaboration between industry and authorities.
