Cyberattacks

Hackers used ransomware to attack Collins Aerospace, disrupting automated check-in and boarding systems at major European airports since Friday.

Context

Collins Aerospace, a subsidiary of US defense company RTX, provides the technology that allows passengers to check themselves in, print boarding passes and bag tags, and drop off luggage at kiosks. Multiple airlines operating at several European airports utilize the company’s software.

Ransomware is a type of cyberattack in which criminals lock a victim’s data and systems in an attempt to secure a payment, typically in Bitcoin.

Flight Disruptions

The European Union Agency for Cybersecurity confirmed on Monday that the disruptions were caused by a ransomware attack, stating that “law enforcement is involved to investigate.”

The attack, which began Friday night, forced airports, including in London, Brussels, Berlin, and Dublin, to rely on manual check-in processes. Kiosks and bag-drop machines went offline, requiring airline staff to process passengers manually with handwritten boarding passes in some cases.

Affected Flights

Brussels Airport cancelled 40 of its 277 departing flights and 23 arrivals on Monday, with officials saying they had asked airlines to cancel nearly 140 of 276 scheduled outbound flights for Tuesday.

Berlin Airport reported delays of over an hour for departures on Monday, which coincided with increased passenger numbers due to the Berlin Marathon. While London Heathrow said the “vast majority of flights” were operating normally, check-in and boarding took longer than usual for affected airlines.

Recovery Efforts

Collins Aerospace said Monday it was in the final stages of completing the updates to get the software back online, but airports remained uncertain about when systems would be fully operational. Internal communications from Heathrow, seen by the BBC, indicated that more than a thousand computers may have been “corrupted” and that most recovery work had to be done in person rather than remotely. The memo also revealed that Collins fixed its systems and relaunched them, only to discover the hackers still had access. About half of the airlines flying from Heathrow were back online in some form by Sunday.