Breaking The UK’s National Crime Agency has arrested a man as part of an investigation into a ransomware attack that disrupted airports around the world last weekend.
The attack targeting Collins Aerospace technology caused chaos at airports across Europe and beyond. It began on September 19 and spilled into the working week. It impacted ARINC SelfServ cMUSE software used by airport workers to process traveler check-ins and bag drop functions.
Airports caught up in the incident included London Heathrow, Berlin Brandenburg, and Brussels Airport, leading to hundreds of cancelled flights and extensive delays on both sides of the Atlantic.
Officers from the UK’s National Crime Agency, supported by a regional organized crime unit, arrested a man in his forties in West Sussex on Tuesday evening on suspicion of Computer Misuse Act offences. He has been released on conditional bail.
NCA deputy director Paul Foster, head of the NCA’s National Cyber Crime Unit, said in a statement: “Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing.”
“Cybercrime is a persistent global threat that continues to cause significant disruption to the UK. Alongside our partners here and overseas, the NCA is committed to reducing that threat in order to protect the British public,” Foster said.
The attack severely impacted commercial aviation operations throughout the weekend. Collins Aerospace confirmed it was experiencing a “cyber-related disruption” that caused electronic customer check-in and baggage drop systems to malfunction, forcing airports to resort to manual check-in processes.
Brussels Airport specifically described the incident as “a cyberattack” – causing electronic customer check-in and baggage drop to malfunction – and advised passengers to expect delays and flight cancellations. Manual check-ins were possible.
On Monday, the EU’s cybersecurity agency confirmed the disruption was caused by a ransomware attack. In a statement to The Register, ENISA said: “We would like to update you that the cyberattack is confirmed to be a ransomware attack.”
No crew has yet claimed responsibility.
The investigation continues as authorities work to understand the full scope of the attack and identify all those responsible. This episode once again highlights the vulnerability of critical infrastructure systems to cybercrims and the potential for widespread disruption when key aviation technologies are compromised. ®