The airports of Europe suffered huge inconveniences when Collins Aerospace’s MUSE platform was infected by HardBit ransomware on September 19, which shut down check-in services in major hubs, such as London Heathrow, Brussels, and Berlin. The attack saw Brussels Airport cancel 60 flights and cut capacity by 50 percent, and officials scrambled to institute manual operations.
Huge European airports are brought to their knees by HardBit ransomware
According to Yahoo Finance, the MUSE platform of Collins Aerospace was attacked early on Friday September 19, 2025, just before the middle of the night, causing havoc to major airports in Europe, such as London Heathrow Airport, Brussels, and Berlin. The EU Agency of Cybersecurity verified that this was a ransomware attack incident on September 21. Security experts reported the malware as a form of HardBit ransomware, an incredibly simple and yet effective form of malware that has been known to host ransom requests to insurance limits.
On Monday, 22 September, Brussels Airport had 60 flights cancelled and a 50% capacity reduction in Berlin systems as a result of this attack. Nevertheless, the attacks cause massive disruption of travel. Ironically, Collins Aerospace was about to make the necessary software modifications. The HardBit ransomware was initially announced in October 2022, and the media took notice of it a few months later when it was disclosed that the hackers would accept the ransom payments based on whether the victims had a cyberinsurance policy.
The aviation industry is vulnerable to manual procedures
The attack has indicated that the vast majority of major airports were unprepared to handle the disruption on a mass scale and instead had to rely on manual procedures when the systems failed. Inequality in their preparedness to respond also became evident in the attack. As an example, Munster Onsabruck Airport could rapidly transition to independent systems and show more resilience.
Research indicates advanced ways of attack and apprehension
According to Security Week, cyberspace professional Kevin Beaumont announced on Tuesday that it was a variant of HardBit, termed as unbelievably simple by him. Beaumont was told by the sources that Collins Aerospace has been struggling to get rid of the malware, and devices are becoming infected again after cleaning them up. The BBC announced earlier this week that it had over one thousand computers possibly affected and that Collins had discovered that the hackers were still within its network after it had rebuilt and restarted systems.
SecurityWeek reported that Dominic Alvieri, an expert in ransomware, said that HardBit was also involved in the attack, according to his sources. But the researcher indicated that the HardBit ransomware is sold under an affiliate program, and anybody could have used it to attack Collins Aerospace. Alvieri also noted that certain HardBit affiliates have been reported to utilize the Mimic ransomware, too, which can make attribution difficult. But the expert does not think so in this instance.
British police get a breakthrough in a cyberattack investigation and arrest
Collins Aerospace MUSE software is deployed by various airlines in numerous airports to process check-in, baggage, and boarding. Its software is so ubiquitous in airports and airlines, which underscores the level of dominance it has over airlines and the weakest links in the sector. A report by the World Economic Forum indicated that 54 percent of large organisations face challenges in attaining cyber resilience because of supply chain challenges.
The Collins Aerospace ransomware attack reveals vulnerabilities of critical aviation infrastructure, showing how a single point of failure may spread to various international airports. The incident is a wake-up call to the aviation industry to prepare to a greater degree for the issue of cybersecurity and to implement powerful backup systems, as the investigation proceeds and the suspect is on bail.