European Airports Disrupted After Ransomware Attack Hits Collins Aerospace Systems
Flight operations crippled across major EU hubs following targeted ransomware strike
A ransomware attack on Collins Aerospace systems used across European airports has caused widespread flight delays and cancellations, disrupting operations at major hubs such as Heathrow, Brussels, and Berlin. The incident highlights critical vulnerabilities in aviation supply chains and the cascading impact of targeted cyberattacks on international travel.
Attack on Collins Aerospace Systems
The disruption began when attackers targeted software systems operated by Collins Aerospace, a Raytheon Technologies subsidiary providing passenger processing services to airlines and airports. The ransomware blocked access to check-in and boarding tools, forcing carriers to revert to manual processes.
According to Reuters, the compromise began late Friday evening, spreading rapidly to multiple airports across the European Union. By Saturday morning, thousands of passengers faced long queues, cancelled flights, and confusion as staff scrambled to maintain services without automated systems.
Impact on European Airports
Several major hubs confirmed being affected. Brussels Airport reported that over 120 flights were delayed, with 35 cancelled outright, while Berlin Brandenburg saw nearly 90 delays and 22 cancellations. London Heathrow confirmed severe disruptions across Terminals 2 and 3.
| Airport | Delays | Cancellations | Notes |
|---|---|---|---|
| Brussels | 120+ | 35 | Check-in systems offline for 14 hours |
| Berlin Brandenburg | ~90 | 22 | Severe baggage handling issues |
| Heathrow (T2/T3) | 200+ | 40 | Manual processing caused long queues |
In total, aviation watchdog Eurocontrol estimated over 650 flights across the EU were delayed, with nearly 120 cancelled within the first 24 hours.
Response From Authorities
The European Union Aviation Safety Agency (EASA) classified the incident as a “serious disruption to air traffic services.” Emergency coordination was activated with Europol and national cybersecurity teams, though authorities have not attributed the attack to a known group.
Airlines Lufthansa and British Airways confirmed operational impact, with British Airways passengers waiting up to six hours in Heathrow terminals. Belgium’s cyber crisis center said the ransomware strain used was under forensic analysis, but no ransom demand had yet been publicly disclosed.
Potential Links and Attribution
While attribution remains unclear, analysts noted similarities to ransomware families used by Eastern European cybercrime syndicates. Cybersecurity researchers pointed to code overlap with past LockBit campaigns, though officials stressed that technical analysis is ongoing and no direct responsibility has been assigned.
The timing and scope of the attack suggested coordination, raising questions about whether the campaign was purely financially motivated or strategically aimed at European infrastructure.
Aviation Supply Chain Risks
The Collins Aerospace incident highlights how a single point of failure in aviation IT systems can trigger continent-wide disruption. Analysts have warned for years that airline operations, heavily reliant on shared service providers, are attractive targets for attackers seeking maximum visibility and leverage.
Last year, a smaller-scale attack on SITA systems affected multiple international airlines. The latest ransomware campaign demonstrates how attackers have escalated from targeting passenger data to directly crippling flight operations.
Broader European Context
The attack comes amid heightened concern about cyber operations against Europe’s transportation and energy networks. Earlier this year, Germany sentenced a Chinese-linked aide for espionage activities, underscoring Europe’s rising counterintelligence posture.
It also follows Ukraine’s recent arrests of Chinese nationals suspected of espionage targeting military technology, reflecting intensifying global competition over strategic assets.
Ongoing Recovery
By late Sunday, airports reported gradual restoration of systems, but residual delays were expected to ripple through schedules for several days. Eurocontrol estimated network-wide knock-on effects could last until midweek.
Passengers stranded across airports criticized communication, with some noting that airlines were unable to update digital information boards due to system lockouts. Manual handwritten notices and verbal announcements became the primary mode of communication in several hubs.
Looking Ahead
European aviation regulators are expected to demand urgent reviews of resilience measures at shared IT providers. The incident will likely accelerate calls within the EU for stricter cybersecurity standards in aviation, particularly for third-party software and systems critical to passenger safety and logistics.
