Berlin-Brandenburg International Airport in Berlin, Germany, was among four airports across Europe working to restore normal operations on Monday in the wake of a malicious ransomware attack that crippled critical IT systems used to check in and board passengers. File Photo by Adam Berry/EPA-EFE
As a cyberattack that plunged European air passengers into chaos stretched into a third day, the European Union said Monday that it wasn’t an isolated incident and criminal gangs were using ransomware to disrupt airport IT around the world.
Malicious ransomware was used to infect software used in airport automatic check-in and boarding systems, the EU Agency for Cybersecurity told the BBC, although it made no mention of any ransom being demanded in exchange for unfreezing the systems.
The gang behind the attack is, as yet, unidentified, but such groups usually demand payment in bitcoin, which cannot be subsequently traced.
European airports, including Brussels, Berlin, and Dublin were continuing efforts to return to normal, with London Heathrow requesting airlines continue to check in and board their passengers manually, leaked international communications showed.
Muse, the affected software is made by Collins Aerospace, a division of Virginia-headquartered defense contractor RTX.
On Monday, Collins said it was working with its clients and was in the final stages of providing updates that would bring the affected systems back online.
Collins Aerospace had yet to confirm it had regained control and secured the system, according to Brussels Airport, but a spokesman told The Guardian that only around 14% and 8% of Monday’s departures and arrivals were canceled.
London-Heathrow appeared to be faring slightly better, with the “vast majority of flights at Heathrow are operating as normal, although check-in and boarding for some flights may take slightly longer than usual,” according to a spokesperson.
“The system is not owned or operated by Heathrow, so while we cannot resolve the IT issue directly, we are supporting airlines and have additional colleagues in the terminals to assist passengers,” the spokesperson said.
Share prices of European airlines were down in morning trade. International Airlines Group, EasyJet and Wizz Air all fell by about 1%. Ireland’s Ryanair was down 1.69%, extending a month-long slide in out-of-hours trading on the NASDAQ, where it has its primary listing.
In July 2024, a glitch with a cybersecurity software update from Texas-based CrowdStrike caused a global IT meltdown, grounding thousands of flights due to issues with their booking and online check-in systems.
United Airlines, American Airlines and Delta Air Lines grounded all flights globally, but over in Europe, Ryanair was also badly hit, while long lines formed at airports in Amsterdam, Berlin, Paris, Manchester and all four of London’s airports.
Airports and carriers in Asia were also impacted.
Emergency 911 call center systems also went down in at least three U.S. states.
There was also disruption to train services, logistics, hospitals, banks, stock exchanges and some TV networks were forced off-air, unable to broadcast.
