Since Friday, Europe’s busiest airports have been severely impacted following a cyberattack targeting automated check-in platforms.
Published On 22 Sep 2025
A ransomware attack has disrupted operations at major airports across the UK, Germany, and Belgium, according to the European Union Agency for Cybersecurity (ENISA).
ENISA announced on Monday that authorities are actively investigating the malicious software responsible for encrypting data and demanding payment to restore access.
Details about the origin of the ransomware remain undisclosed.
Starting Friday evening, numerous prominent European airports experienced interruptions after cybercriminals compromised automated check-in systems created by Collins Aerospace, impacting numerous flights and thousands of travelers.
Collins Aerospace, a subsidiary of defense contractor RTX (formerly Raytheon Technologies), confirmed on Monday that it is collaborating closely with affected airports, including Brussels and London Heathrow, and is nearing completion of system updates to fully reinstate services.
Despite these efforts, Berlin Brandenburg Airport’s check-in services remained offline on Monday, causing departure delays exceeding one hour.
At Brussels Airport, staff resorted to using iPads and laptops to manually process passenger check-ins. The airport reported that out of 550 scheduled flights on Monday, 60 were canceled.
Rafe Pilling, director of threat intelligence at British cybersecurity firm Sophos, noted that while ransomware attacks targeting high-profile organizations have increased due to their visibility, such disruptive incidents are still relatively rare.
“Although disruptive cyberattacks are becoming more noticeable in Europe, this does not necessarily indicate a rise in their frequency,” Pilling told Reuters.
He added, “Large-scale attacks that cause tangible disruptions beyond the digital realm remain uncommon.”
In a recent survey by German industry association Bitkom involving around 1,000 companies, malware was identified as the most prevalent cyber threat. Approximately one in seven respondents admitted to paying ransoms to regain access to encrypted data.
The report highlighted that ransomware remains the most effective cyberattack method, with ransom payments reaching an unprecedented 202 billion euros ($238 billion) this year.
