Europe’s aviation sector has once again found itself at the mercy of cyber criminals. The EU Agency for Cybersecurity (ENISA) confirmed on Monday that ransomware was used to cripple check-in and boarding systems across several major airports, forcing manual workarounds and widespread flight cancellations.
The incident, which targeted the Muse software provided by Collins Aerospace, left Heathrow, Brussels, and Berlin airports scrambling to restore order. Heathrow acknowledged that “the vast majority of flights have continued,” yet thousands of passengers faced delays. Brussels Airport cancelled nearly 140 flights on Monday alone.
An internal Heathrow memo seen by the BBC suggested that more than 1,000 machines were corrupted, with Collins’ initial system rebuilds proving futile as hackers remained inside the network. The company has since been racing to patch its systems, while law enforcement investigates the origins of the attack.
While this latest assault highlights aviation’s vulnerability, it is far from the first. In 2017, the WannaCry ransomware crippled systems across the globe, grounding flights and halting operations at FedEx and Telefonica. In 2021, the DarkSide gang brought the U.S. Colonial Pipeline to a standstill, underscoring how ransomware can paralyse critical infrastructure.
Aviation itself has been an attractive target. In 2020, EasyJet admitted to a breach affecting nine million customers. More recently, Scandinavian airline SAS faced outages after suspected ransomware intrusions, reflecting a broader trend that Thales reports has grown by 600% in the aviation sector over the past year.
Most attacks are orchestrated by professionalised cyber-crime syndicates. Such as REvil and LockBit who dominate the ransomware market, operating as de facto multinationals with franchised affiliates and customer service models. Europol estimates that global ransomware gangs reap billions annually, often demanding payments in Bitcoin to obscure their tracks.
The criminal ecosystem has become increasingly resilient, with groups disbanding under pressure only to re-emerge under new names. Analysts warn that attacks are likely to intensify as AI-driven malware accelerates intrusion and evasion capabilities.
Passengers are the immediate victims—facing cancelled flights, missed connections, and financial losses. Yet the long-term stakes are higher. “Aviation is a critical artery of Europe’s economy,” says Prof. Ciaran Martin, former head of the UK’s National Cyber Security Centre. “Any sustained disruption undermines supply chains, business travel, and public confidence.”
ENISA has urged governments and airlines to invest in resilience rather than ransom. Proposed solutions include:
- Segmentation of IT systems to prevent full-scale shutdowns.
- Mandatory cyber-incident disclosure laws to increase transparency.
- International cooperation between Europol, Interpol, and NATO to track cross-border gangs.
- Cyber drills for critical infrastructure akin to military war games.
- Zero-trust architecture adoption to limit lateral movement within networks.
Private operators, including airports and software vendors, face mounting pressure to enhance redundancy. “Manual fallbacks are necessary, but we need layered defences to ensure continuity,” notes a senior analyst at RAND Europe.
For now, Collins Aerospace has assured clients it is “in the final stages” of restoring systems. But the attack serves as a stark reminder that airports—once built to withstand terrorism and hijackings—must now fortify themselves against a new, invisible threat.
The question facing Europe and the wider world is not whether cyberattacks on aviation will recur, but how prepared the sector will be when they inevitably do.
