Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Ransomware, not Russia, to blame for cyber incident that continues to disrupt major airports throughout UK and Europe.
ENISA, the European Union Agency for Cybersecurity, has pointed the finger at a ransomware incident as the cause of major outages at a string of airports in the UK and EU over the weekend.
“ENISA is aware of the ongoing disruption of airports’ operations, which were caused by a third-party ransomware incident,” an ENISA spokesperson said overnight.
“At this moment, ENISA cannot share further information regarding the cyber attack.”
ENISA said it knows the type of ransomware employed, but has not shared any details of the threat actor behind the incident. While there has been some speculation that hackers linked to the Scattered Spider collective may be behind the attack, no actor has yet claimed responsibility for the incident.
The United Kingdom’s National Centre for Cyber Security has also released a statement regarding the incident.
“We are working with Collins Aerospace and affected UK airports, alongside Department for Transport and law enforcement colleagues, to fully understand the impact of an incident,” an NCSC spokesperson said.
“All organisations are urged to make use of the NCSC’s free guidance, services and tools to help reduce the chances of a cyber attack and bolster their resilience in the face of online threats.”
In a heightened atmosphere following multiple violations of EU airspace by Russian assets in recent days, UK LibDems MP Calum Miller had called for an investigation into possible Russian involvement with the Collins Aerospace hack.
“After the flagrant violation of Estonian airspace, the government needs to urgently establish if Vladimir Putin is now attacking our cyber systems,” Miller said.
According to SOCRader, one NATO-linked security expert called the attack “very clever,” while other theories have suggested a link to a broader “cyber axis” made up of Russia, China, Iran, and North Korea. A possible motivation could be Collins Aerospace’s ties to NATO as a defence contractor.
The initial attack took place on the evening of Friday, September 19, effectively halting electronic check-ins using Collin Aerospace’s Muse platform. Disruption continued into Saturday and Sunday, with more than 25 flight cancellations, hundreds of delays, and operators forced to switch to manual check-in processes.
“We have become aware of a cyber-related disruption to our Muse software in select airports. We are actively working to resolve the issue and restore full functionality to our customers as quickly as possible,” Collins Aerospace said on September 20.
“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations. We will share more details as they are available.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
