The incident involving the ransomware attack that affected European airports over the weekend, resulting in massive flight delays and cancellations, has led to a man being arrested by UK police in relation to the incident. On Tuesday, the suspect was arrested in West Sussex under the Computer Misuse Act by the National Crime Agency, in the frame of an investigation regarding the cyber incident actually affecting Collins Aerospace.
Major European airports face widespread system disruptions
The U.K.’s National Crime Agency said on Wednesday that a man was arrested in connection with the ransomware attack that has caused delays and disruptions at several European airports since the weekend, according to TechCrunch. The hack, which began on Friday, targeted check-in systems provided by Collins Aerospace, causing delays at Brussels, Berlin, and Dublin airports, as well as London’s Heathrow, which lasted until yesterday.
While the NCA did not name the arrested man, the agency said he is “in his forties” and that he was arrested in the southern county of West Sussex on Tuesday under the country’s Computer Misuse Act as part of an investigation into a cyber incident impacting Collins Aerospace. The man was released on conditional bail, according to the agency.
RTX confirms the ransomware nature of the cyberattack incident
RTX (formerly Raytheon Technologies), the defense contractor giant that owns Collins Aerospace, confirmed in a legally required notice filed with the U.S. Securities and Exchange Commission on Wednesday that the cyberattack was related to ransomware. In the 8-K notice, RTX described the cybersecurity incident as “involving ransomware,” without providing specifics about the kind of ransomware used orย the criminal hackersย behind the breach.
Investigation remains in early stages despite arrest
“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said Paul Foster, deputy director and head of the NCA’s National Cyber Crime Unit, in a statement, according to the National Crime Agency. When reached by TechCrunch, NCA spokesperson Richard Crowe said the agency had nothing else to add beyond the press release.
The Friday cyberattack saw widespread travel delays and disruption, including boarding passes failing at departure gates and some flight cancellations, as many of the affected airports and airlines had to resort to manual check-ins. The company said that the incident affected its check-in software, which resides “on customer-specific networks.”
“Our customers have shifted to back-up or manual processes and have experienced certain flight delaysย and cancellations,” said RTX.
European cybersecurity agency confirms ransomware involvement
RTX’s confirmation that ransomware was to blame for the outage was first revealed by European cybersecurity agency ENISA on Monday. The incident, which was reported on 19 September, affected flights at Heathrow and other European airports over the weekend. NCA officers, supported by the South East ROCU, arrested a man in his forties in West Sussex yesterday evening on suspicion ofย Computer Misuse Actย offences.
Cybercrime poses a persistent global threat to infrastructure
“Cybercrime is a persistent global threat that continues to cause significant disruption to the UK. Alongside our partners here and overseas, the NCA is committed to reducing that threat to protect the British public,” Foster said in his statement.
A spokesperson for RTX did not respond to a request for comment.
The arrest is a breakthrough in the investigation of one of the most disruptive cyberattacks on European aviation infrastructure in recent years. Even though the suspect has been released under conditions, the ongoing investigation underlines the continuing vulnerability that ransomware is causing to the critical infrastructure systems. With the greater adoption of digital systems and technologies in its operations, the incident shows the sense of urgency consequent on improved cybersecurity standards covering all sectors of the aviation industry to counter future assaults.