In a significant development, UK law enforcement has apprehended a man in his forties from West Sussex in connection with a cyberattack that severely disrupted operations at major European airports, including London’s Heathrow. The arrest, executed by the National Crime Agency (NCA), is part of an ongoing investigation into a ransomware incident targeting Collins Aerospace, a U.S.-based company providing critical check-in and baggage software to numerous airlines.
The Cyberattack and Its Impact
The cyberattack commenced on Friday night, September 19, 2025, and involved ransomware that compromised Collins Aerospace’s Muse software—a cloud-based platform essential for passenger processing. This breach led to widespread operational challenges at several European airports, notably in Brussels, Dublin, and Berlin. The disruption resulted in hundreds of flight delays and cancellations over the weekend and into the following week. Airports were compelled to revert to manual systems, with staff resorting to pen-and-paper methods for check-in and boarding procedures.
At Heathrow, additional staff were deployed to assist passengers, yet delays persisted. An internal memo revealed that Collins Aerospace faced difficulties restoring its systems after a failed relaunch attempt on Monday. The company has not provided a definitive timeline for recovery and has advised airlines and ground handlers to prepare for at least another week of manual operations. As of Wednesday, Berlin Airport reported that check-in and boarding processes remained largely manual, leading to longer processing times, delays, and cancellations by airlines.
The Arrest and Ongoing Investigation
The suspect was arrested on Tuesday evening on suspicion of offenses under the Computer Misuse Act and has since been released on conditional bail. Paul Foster, head of the NCA’s National Cyber Crime Unit, stated, Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing. He emphasized that cybercrime continues to be a persistent global threat causing significant disruption.
Broader Implications and Response
Ransomware attacks are designed to paralyze a victim’s systems until a payment, typically in cryptocurrency, is made. The UK’s National Cyber Security Center (NCSC) confirmed it is collaborating with Collins Aerospace, affected airports, and law enforcement to fully understand the incident’s impact. While the vast majority of flights at Heathrow are now operating as usual, the airport continues to advise passengers to check their flight status before traveling.
Contextualizing the Incident
This incident underscores the growing threat of cyberattacks targeting critical infrastructure. In recent years, there has been a marked increase in ransomware attacks on various sectors, including healthcare, finance, and transportation. The aviation industry, with its complex and interconnected systems, presents a particularly attractive target for cybercriminals. The disruption caused by such attacks not only affects the airlines and airports but also has a cascading effect on passengers and the broader economy.
Preventative Measures and Industry Response
In response to the increasing threat landscape, the aviation industry has been investing in enhancing its cybersecurity posture. This includes implementing advanced threat detection systems, conducting regular security audits, and fostering collaboration between industry stakeholders and government agencies. However, the evolving nature of cyber threats necessitates continuous vigilance and adaptation.
Conclusion
The recent arrest in connection with the European airport ransomware attack represents a significant step in addressing cyber threats targeting critical infrastructure. It highlights the importance of robust cybersecurity measures and the need for ongoing collaboration between the public and private sectors to safeguard against future incidents. As the investigation continues, it serves as a stark reminder of the pervasive and evolving nature of cybercrime in today’s digital age.
