EU cyber authority confirms ransomware attack on airport software

The disruptions at major European airports that have been ongoing since Saturday are the result of a ransomware attack on the system of service provider Collins Aerospace. This was confirmed by the European Network and Information Security Agency (ENISA) to several media outlets on Monday. The agency is responsible for coordinating cybersecurity at the EU level, including the protection of critical infrastructure such as airports.

According to reports by Reuters and Deutsche Welle, Enisa has “identified the type of ransomware.” In addition, the relevant investigative authorities are said to have begun working on the case. According to Reuters, Collins Aerospace is working with the four affected airports—Berlin, Brussels, Dublin, and London Heathrow—to get the systems up and running again.

Disruptions have been ongoing for three days

At some four locations, check-in and baggage drop-off have not been possible since Friday evening, and the disruptions are still ongoing on Monday. Numerous takeoffs and landings have been canceled. Online check-in, which passengers can do themselves, is not affected. At times over the weekend, boarding passes were issued by hand on paper at the airports. At Berlin's BER airport, the situation was exacerbated on Sunday and Monday by a marathon with over 55,000 participants.

On Saturday, there was already a report from an ARD correspondent that it was a ransomware attack. However, there was no official confirmation until Monday, and Collins repeatedly referred only to a “cyber-related attack.” The company is active as an IT service provider for military and civil aviation, among other things, and is part of RTX, formerly known as Raytheon.

(nie)