EU’s cyber agency blames ransomware as Euro airport check-in chaos continues

September 22, 2025 TH Author

The EU’s cybersecurity agency today confirmed that ransonmware is the cause of continued disruption blighting major airports across Europe.

Aside from the disturbance at various airports including London Heathrow, Berlin Brandenburg, and those in Brussels, Dublin, and Cork, very little is known about the specifics of the attack. No crew has yet claimed responsbility.

The European Union Agemncy for Cybersecurity (ENISA), sent a statement to The Register, saying: “We would like to update you that the cyberattack is confirmed to be a ransomware attack.”

The company at the heart of the problems is Collins Aerospace, based in the US, which confirmed cyberattack on Friday evening.

Collins Aerospace provides ARINC SelfServ cMUSE software, which is used by airport workers to process traveler check-ins and bag drop functions.

The company is owned by RTX, a company that also oversees US military contractor Raytheon Intelligence & Space, which supplies air, space, and cybersecurity technologies.

Staff at affected airports have resorted to manual operations since the attack took hold, but are still urging customers to use online self-check-in and self-service bag drop systems where possible.

Heathrow said in a statement Monday: “Work continues to resolve and recover from an outage of a Collins Aerospace airline system that impacted check-in. We apologize to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate.

“We encourage passengers to check the status of their flight before travelling to Heathrow and to arrive no earlier than three hours for long-haul flights and two hours for short-haul.”

Brussels and Berlin Brandenburg issued near identical statements, although Brussels added: “At the moment it is still unclear when the issue will be resolved.”

According to the BBC, Brussels asked airlines to cancel nearly half of their flights on Monday, while Heathrow is operating at near-normal levels.

Heathrow told The Register: “Airlines across Heathrow have implemented contingencies whilst their supplier Collins Aerospace works to resolve an issue with their airline check-in systems at airports across the world.

“These contingencies mean the vast majority of flights at Heathrow are operating as normal, although check-in and boarding for some flights may take slightly longer than usual. This system is not owned or operated by Heathrow, so whilst we cannot resolve the IT issue directly, we are supporting airlines and have additional colleagues in the terminals to assist passengers.

“We encourage passengers to check the status of their flight before travelling to Heathrow and to arrive no earlier than three hours for long-haul flights and two hours for short-haul.”

According to FlightAware, which tracks canceled flights, the highest number of cancellations for today are at Brussels, with 18 (6 percent) canceled and 23 (8 percent) delayed.

For comparison, Berlin Brandenburg has had seven cancellations, and Heathrow has six cancellations and 40 delays, though not all of these will be due to the cyberattack.

The Register contacted RTX and affected airports for additional information. ®