Excerpt from CybersecurityNews Article, Published on September 23, 2025
Over the weekend, a major ransomware attack severely disrupted operations at several European airports, targeting the check-in and boarding systems provided by Collins Aerospace’s MUSE software. This incident, confirmed by the European Union Agency for Cybersecurity (ENISA), affected key hubs such as Heathrow, Brussels, and Berlin, leading to hundreds of delayed and cancelled flights. Passengers faced long processing times as airports reverted to manual check-ins and paper boarding passes, revealing serious weak points in European airport and data security infrastructure.
The attack began on Friday evening when threat actors used a spear-phishing email to deliver a ransomware payload similar to the REvil/Sodinokibi family, encrypting crucial data with AES-256 and restricting access by appending “.locked” to files. Investigations suggest the attackers exploited a zero-day vulnerability in Citrix ADC appliances and used advanced tactics including credential harvesting and lateral movement to spread through the network. Collins Aerospace’s systems, including domain controllers, were significantly impacted, with disruptions cascading across airport kiosks, bag-drop points, and boarding gates.
Collins Aerospace and its parent company RTX are actively working on deploying software patches and decryptor tools to restore operations, while affected airports have advised passengers to check flight statuses online before arriving. This incident highlights the importance of fortifying European airport and data security protocols against sophisticated cyber threats that can impact critical infrastructure and disrupt travel on a continental scale.




