Ransomware Aftermath Snarls European Airports

Bill Thompson
By Bill Thompson
Technology
8 Min Read

European air travel is uneven as airports and airlines recover from a ransomware attack on Collins Aerospace, a crucial supplier of passenger processing systems. The disruption, which was confirmed by Europe’s cybersecurity agency ENISA, has slowed check-in, baggage-drop and boarding systems at multiple hubs and led to a cascade of delays.

Airport operators say the problem is not linked to an air traffic control or airport safety issue, but a third‑party technology outage. But when gadgets that print boarding passes, check bags and communicate with airline departure control systems go dark, the ripple effects bounce around terminals and timetables fast.

Table of Contents
Two engineers working on a large jet engine in a workshop, showcasing the internal components.

Delays at Major European Hubs Remain Stubbornly High Today

Live air-traffic tracker FlightRadar24 displayed major knockbacks at a number of Europe’s busiest gateways, including at London Heathrow, Brussels, Berlin Brandenburg and Dublin. At their worst points of the disruption window, more than four in five departures at these airports were delayed, with delays averaging between just under half an hour and about an hour depending on the airport.

This is the share of flights departing late for reasons besides weather and air-traffic control problems, according to data from masFlight. Though it changes by the hour, this share gives a sense of how fast a slowdown in getting passengers through bottleneck points can spread messily into schedule discipline even when runways and radar are unaffected. Travel advisories at airports have cautioned of lengthened lines and spotty congestion, as systems are slowly brought back online.

How One Vendor Became a Business Curbside Across Europe

Collins Aerospace, which is a part of RTX, supplies common-use passenger processing systems (CUPPS) and associated tools that airlines and airports use to check in passengers, print documents for travel, board aircraft and reconcile checked baggage. These common-use platforms are meant to allow multiple carriers to use the same counters, kiosks and gate hardware — a huge efficiency when all is going well, and a single point of failure when the vendor overlord goes down.

Industry bodies, such as IATA and ACI Europe, have warned of “vendor concentration risk” in airport IT repeatedly in recent years. When a widely used provider is knocked off, several hubs lose that same crucial functionality simultaneously. It’s not an air safety event, but it is an operational one — if departure control handshakes time out, then the OUT ACARS message can indicate a push-ready condition while pax and bags are not really ready to go, leading to holds and resequencing.

What’s Working—and What Still Isn’t Across Airports

Air navigation services and runway operations continue normally, according to Eurocontrol network updates; however, the impact is focused on processing landside and gate-side passengers. To keep flights moving, albeit at a slower pace, airports have deprioritized key flows of work — staffed counter check-in by hand, paper boarding passes and extra identity checks on the way to gates.

Rebookings, through-checking baggage for connections and the handling of irregular operations are all potential bottlenecks that rely on tightly integrated systems. Certain e-gates and government border controls operate on separate infrastructure, and some have continued to function, but handovers from system to system have led to delays at chokepoints.

Airports Resort to Manual Playbooks as Systems Stall

Operational groups have resorted to well-trodden contingency exercises, like putting more customer-service staff on counters to process passengers; pre-printing bag tags using dedicated terminals; and prioritizing departures that have tight slot windows. Airlines have also suggested that travelers leave for the airport earlier, pack as lightly as possible with carry-ons and use mobile boarding passes when available — though those also can rely on the same backend.

Collins Aerospace logo in dark gray on a light blue- gray gradient background with subtle geometric patterns. Filename : collins aerospacelogo professional .png

Europe has seen this movie. Fast-forward to the phone call from Bristol, and Adrian Chew developed a great idea where he quickly adapted his app for use when Bristol Airport was hit by a cyber incident in 2018 and staff had to rely on whiteboards so that people could continue their journeys. The lesson then — and again now — is that resilience revolves around practiced manual fallbacks, noted Lanier Watkins, serving as an industry consultant who supported DL’s development of the failed systems in the 1980s and ’90s, and how vendors will hopefully be able to help bring systems back up in stages.

Dynamics of Ransomware and the Road to Recovery

ENISA has tied the airport interruption back to a ransomware incident involving Collins Aerospace. Under normal circumstances, attackers not only encrypt systems but also exfiltrate data and then threaten to leak the information — basically holding victims over a barrel. No official attribution has been released, and RTX has not provided specifics about the status of restoration.

Under the EU’s NIS2 directive, European rules say that essential service providers must have resilience measures in place and be subject to rapid incident reporting — a classification aimed at including aviation IT more often. National cyber agencies — including the UK’s National Cyber Security Centre, Germany’s BSI and Belgium’s Centre for Cybersecurity — will be relying on cooperation from airport operators as well as suppliers. EASA has also called for the inclusion of cyber risk in safety management systems, acknowledging that IT outages can add to operational complexity without affecting flight safety.

Practically speaking, from the traveler’s perspective, they tend to break down something like this:

  • Righting the core systems
  • An invigorated catch-up period as airlines re-balance crews, aircraft and displaced passengers

Residual delays are likely even after systems bounce back, as airlines clear baggage backlogs from flights grounded during the outage and rebook travelers who missed their connections.

What This Means for Aviation Resilience and Recovery

This episode underscores an uncomfortable truth for the modern era of aviation: efficiency has left redundancy behind. The industry has been investing heavily in shared platforms to get physical space and costs optimal, but siloed architectures, offline-capable check-in tools, etc., now are a strategic must. As airports update contracts and architectures, be prepared for more stringent service-level assurances, air-gapping of network segments and tougher tabletop exercises with suppliers.

And, for now, airports are piecing together operations flight by flight. The most direct signal that things are back to normal will be reduced lines at check-in and a return to on-time performance standards for the major hubs of Europe — once the ransomware shock has fully drained from the system.

Bill Thompson
ByBill Thompson
Bill Thompson is a veteran technology columnist and digital culture analyst with decades of experience reporting on the intersection of media, society, and the internet. His commentary has been featured across major publications and global broadcasters. Known for exploring the social impact of digital transformation, Bill writes with a focus on ethics, innovation, and the future of information.
Latest News