Home / News

European Airports Still Reeling from Ransomware Attack as Software Fix Nears

By CircleID Reporter
  • September 22, 2025, 9:44 am PDT
  • Views: 5,503
  • Add Comment
Travellers pass a departures board at Brussels International Airport in Zaventem, Belgium, on Saturday, September 20th, 2025, after a cyber-attack disrupted flight operations. (Photo: AP / Harry Nakos)

European air travel remains disrupted today following a ransomware attack on Friday that crippled automated check-in and boarding systems across several major airports. The culprit appears to be malicious code targeting Muse, a system developed by Collins Aerospace, a subsidiary of RTX, which provides critical software to airlines.

Ongoing recovery: According to the European Union Agency for Cybersecurity (ENISA), the attackers deployed ransomware to scramble systems used by multiple airports, including Heathrow, Brussels, Dublin, and Berlin. Although manual workarounds allowed flights to continue, passengers have experienced persistent delays, and some services were cancelled as late as Monday.

The latest update from Collins Aerospace indicates that the company is in the “final stages” of implementing software updates to restore normal operations. However, officials at Brussels Airport noted on Monday that the system had yet to be confirmed as fully secure, with over 60 flights cancelled that day alone.

System breach: Internal communications seen by the BBC suggest the scale of the breach was severe. More than a thousand computers may have been compromised, with technicians forced to rebuild systems in person after discovering that attackers had re-infiltrated newly launched networks.

Speculation continues over who is behind the attack. While some experts suggest it could be the work of state-sponsored hackers, others point to sophisticated criminal groups known for exploiting ransomware to extract payments in cryptocurrency.

The attack highlights a growing vulnerability in aviation infrastructure. Collins Aerospace’s silence on whether a ransom was demanded—or paid—leaves many questions unanswered.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

 Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

DNS Security

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

View All Topics