A major international investigation into a ransomware attack that disrupted airports worldwide has led to the first arrest, as authorities work to dismantle the cybercriminal operation behind widespread flight chaos.
The UK's National Crime Agency (NCA) arrested a man in his forties in West Sussex on Tuesday evening, marking a significant breakthrough in the investigation of a ransomware attack that paralyzed air travel across Europe and beyond last weekend.
According to The Register, the cyberattack, which began on September 19, targeted Collins Aerospace's ARINC SelfServ cMUSE software—a critical system used by airport workers to process passenger check-ins and baggage operations. The breach forced major hubs including London Heathrow, Berlin Brandenburg, Brussels Airport, Dublin, and Cork to revert to manual processing, causing hundreds of flight cancellations and extensive delays.
"Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing," said Paul Foster, deputy director of the NCA's National Cyber Crime Unit. The suspect was released on conditional bail as the investigation continues.
The European Union Agency for Cybersecurity (ENISA) officially confirmed the incident as a ransomware attack, though no criminal group has claimed responsibility. Collins Aerospace, owned by defense contractor RTX (which also operates Raytheon), acknowledged experiencing "cyber-related disruption" affecting electronic customer systems globally.
Brussels Airport bore the heaviest impact, with airlines forced to cancel nearly half of Monday's flights. FlightAware data showed Brussels recording 18 cancellations and 23 delays, while Heathrow maintained near-normal operations through rapid contingency measures.
The attack highlights the vulnerability of aviation infrastructure to cybercriminals and the cascading effects when critical systems are compromised. As the investigation expands internationally, authorities emphasize that cybercrime remains a persistent global threat requiring coordinated response efforts.
Travelers are advised to use online check-in services where available and arrive at airports with extra time to accommodate potential processing delays.