Europe’s busiest airports including Heathrow, Berlin, and Brussels faced delays and cancellations after a fresh ransomware attack on Collins Aerospace’s check‑in software disrupted passenger processing. Recovery efforts are underway amid travel chaos across the continent.
TL;DR - Europe Airport Ransomware
- Ransomware hit Collins Aerospace check-in platform used by multiple airports
- Heathrow, Berlin, Brussels saw cancellations, long queues, manual boarding
- ENISA confirms ransomware; recovery ongoing, residual delays likely
- Travelers: check status, arrive early, expect manual procedures
Jump to: Attack Overview • Airports Affected • Recovery Status • Investigation • Why It Matters • FAQ
More on News:
Attack Overview and Impacted Systems
A new wave of ransomware has struck several major European airports, knocking out automated check-in and boarding systems and forcing airlines to revert to manual processes amid mounting travel disruption.
The European Union Agency for Cybersecurity (ENISA) confirmed that malicious ransomware was responsible for the outage, which began late Friday and has affected dozens of flights and thousands of passengers over the weekend.
The cyberattack targeted a widely used third‑party passenger processing platform—the Collins Aerospace MUSE system—used by multiple airlines to share check-in and gate resources.
As a result, airports from London’s Heathrow to Berlin Brandenburg and Brussels experienced cascading system failures that crippled self-service kiosks, baggage drops, and digital boarding gate operations.
Recovery Status and Manual Operations
Collins Aerospace, a unit of RTX (Raytheon Technologies), said it is working with affected airports and in “the final stages” of restoring full functionality to the check-in systems. In the interim, airport staff have implemented contingency plans – essentially a throwback to pre-digital times.
Airlines at London Heathrow, Europe’s busiest hub, switched to backup methods, and check-in agents across multiple airports have been issuing handwritten boarding passes and using improvised online check-in via iPads and laptops to keep flights moving. “It felt like the early decades of air travel,” one Berlin passenger quipped after receiving a pen-and-paper boarding pass during the hours-long check-in delays.
Another traveller described the situation as “incomprehensible,” noting that with today’s technology “there’s no way to defend yourself” against such an attack.
Travellers wait in long queues at Heathrow Airport’s Terminal 2 after a cyberattack crippled automated check-in systems, September 20, 2025.
Airports Affected and Flight Disruptions
Flight schedules were severely disrupted. By Saturday mid-day, at least 29 flights had been cancelled across Heathrow, Brussels, and Berlin, with many more delayed, according to aviation data.
Brussels Airport faced particularly steep fallout – about 60 flights were cancelled on Monday alone out of some 550 scheduled, and “most departing flights” saw delays as staff checked in passengers manually on tablets.
Berlin Brandenburg Airport, coincidentally handling a surge of travelers from the Berlin Marathon, struggled to process crowds without its IT systems; departures were delayed over an hour on average and long lines snaked through terminals.
Even by mid-week, some lingering cancellations and slowdowns persisted: Brussels Airport still canceled ~6% of flights on Wednesday, and Berlin continued to rely on manual check-in workarounds as system recovery continued.
Smaller hubs like Dublin and Cork reported only minimal impacts, but they too had some manual procedures in place as a precaution.
Investigation and Attribution
European authorities have confirmed the incident is a ransomware attack – a criminal intrusion that locks up data until a ransom is paid.
ENISA, the EU cyber agency, stated that the specific ransomware strain had been identified and that law enforcement is investigating the perpetrators.
Several breach-tracking websites alleged that Collins Aerospace was hit by ransom-seeking hackers once before, in 2023, highlighting the persistent threat to aviation IT vendors.
In this latest case, the UK’s National Crime Agency announced an arrest of a suspect in West Sussex as part of the ongoing investigation.
Cybersecurity experts have noted the attackers likely used a variant of the “HardBit” ransomware, which infiltrated the vendor’s network supporting the MUSE platform.
Collins Aerospace’s parent company RTX disclosed in an SEC filing that upon detecting the breach, it activated incident response protocols and notified authorities worldwide, while airlines shifted to backup processes to maintain operations.
So far, the company says the incident is not expected to have a material financial impact on its business, but the impact on travelers and airport operations has been immense.
Security analysts warn that this event underscores a growing risk to critical travel infrastructure.
Aviation relies on highly integrated digital systems, so an attack on one vendor’s platform can cascade across multiple airlines and airports. “Air travel depends on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls and staff forced into manual workarounds,” observed Javvad Malik, a security advocate at KnowBe4.
In other words, a single point of failure in a vendor’s software can trigger continent-wide chaos – as European travelers just experienced. Ransomware gangs are increasingly aiming for such high-impact targets, knowing that downtime in air travel can cost millions and grab headlines.
While most ransomware attacks still focus on data theft and extortion, this incident is a reminder that hackers can directly disrupt the physical world, not just corporate databases.
Why It Matters for Travelers
For passengers flying through Europe, the immediate fallout of this cyberattack is impossible to miss: longer lines, delayed flights, and plenty of frustration.
Even as systems gradually come back online, residual disruptions may continue for several days.
Travelers should take extra precautions and be prepared for possible inconvenience. Here’s how to navigate the situation:
- Double-check your flight status and airline notifications before heading to the airport, as many flights have faced delays or cancellations due to the check-in outage.
- Arrive at the airport extra early. With automated kiosks down, manual check-in and baggage drop take significantly more time, leading to longer queues than usual. Give yourself a generous buffer to avoid missing your flight.
- Be ready for old-school procedures. Don’t be surprised if you receive a handwritten boarding pass or have to check in via an agent’s tablet instead of a self-service kiosk. Follow staff instructions, as many airlines are deploying additional personnel to assist with manual check-ins.
- Stay patient and flexible. Gate assignments, boarding times, and even seating arrangements might change last-minute while systems are restored. Some new bookings or schedule changes could be temporarily held up until the IT issues are fully resolved.
Airports and airlines are urging travelers to remain patient as technical teams work round-the-clock to get the digital systems back to normal.
Backup measures – from mobile check-in tools to paper passenger lists – will keep flights operating, but at a slower pace.
This incident is a stark reminder of how crucial technology has become to air travel, and how its failure can reverberate through every step of a journey.
For now, anyone flying in Europe should pack some extra time and patience along with their passport.
FAQ
What caused the outage?
A ransomware attack on a third-party passenger processing platform used by multiple airlines and airports.
Which airports were hit?
Heathrow, Berlin, and Brussels reported the most disruption; smaller hubs implemented manual safeguards.
How long will delays last?
Recovery is underway, but residual delays and occasional cancellations may persist for several days.
What should travelers do now?
Check flight status, arrive early, expect manual check-in/boarding, and follow airport staff instructions.
Sources:
Reuters: “A cyberattack targeting airline check-in systems caused delays and cancellations at several major European airports on Saturday, with staff forced to switch to manual check-ins.”
Reuters: “European Union Agency for Cybersecurity (ENISA) confirmed that ransomware was behind the outage, which hit Collins Aerospace’s passenger processing system.”
GovTech: “This latest wave of ransomware incidents at European airports highlights the vulnerability of third-party IT systems that underpin global aviation.”