Hundreds of flights canceled as ransomware drama continues

The progress of technology was supposed to bring us a myriad of benefits. And it did. However, everything comes with a price, and sometimes the price isn’t visible at the first glance. Those benefits came in fully packed with a multitude of harms.

Relying too heavily on technology has its obvious disadvantages. Yet what many people often don’t realize is that technology is also making us vulnerable. Cyberattacks, phishing scams, internet fraud, and ransomware are very real and happen daily.

What is the difference between a cyberattack and ransomware?

Cyberattack is a general term for malicious activity against computer systems and networks, while ransomware denotes a specific type of cyberattack: “a type of malware that encrypts files, locking access until a ransom is paid,” according to a report from Proven Data.

While you may think, just like I did, that these things won’t happen to you, or that all this cyberattack talk shouldn’t concern you, you might be wrong. This summer, while on vacation, I received a text that a payment of around $50 had been made.

I still don’t know where I inserted my card information that it was unsecured, but it happened. We are all vulnerable to some degree, sometimes even indirectly.

Cyberattack statistics:

• More than 2,200 cyberattacks happen every day.
• There’s one attack every 39 seconds.
• This year so far, ransomware accounted for 68% of all registered threats.
• Global cybercrime damages are estimated at $10.29 trillion, according to a report from DemandSage.

On September 19, a cyberattack caused significant disruptions to several European airports, impacting thousands of passengers.

Ransomware attack on MUSE airport software confirmed

On September 22, European cybersecurity agency ENISA confirmed a third-party ransomware attack targeting boarding and check-in systems on the popular MUSE software, operated by U.S. company Collins Aerospace and owned by RTX, reported Reuters.

The cyberattack mostly affected airports in Berlin, Brussels, and London Heathrow. Brussels Airport canceled half of its Sunday and Monday departures.

Related: 5 things you should know about cyberattacks in 2025

Collins Aerospace suggested that the delays “can be mitigated with manual check-in operations,” reported DW.

Delayed flights and cancellations suggest otherwise. The staff is not able to maintain the level of operations when it has to manually write out baggage tags and perform checks that are otherwise done online.

This incident highlights how vulnerable major institutions, facilities, and organizations are due to their dependence on technology and how important it is to invest in professional cybersecurity.

Airports continue to delay, cancel flights after ransomware attack on passenger check-in software

Collins Aerospace said on Monday that it is cooperating with the affected airports and that the MUSE software restoration is almost complete, according to BBC.

On Monday, Berlin Airport reported delays of more than an hour for departures, as its check-in systems weren’t operational.

Related: American Airlines quietly cancels flight, adjusting its routes

Brussels Airport canceled about 60 flights on Monday, out of 550 scheduled.

It appears that Dublin Airport had “minimal” disruptions, while at London Heathrow, Terminal 4 saw the worst disruption, with several departures taking off two hours behind schedule on the evening of Sept. 21 and manual check-in still being in effect, reported The Independent.

“Airlines across Heathrow have implemented contingencies whilst their supplier Collins Aerospace works to resolve an issue with their airline check-in systems at airports across the world,” a Heathrow spokesperson said.

Is this just the beginning? Do other airports face ransomware risks?

Collins’ software is used across more than 300 airlines at 100 airports, according to a report by The New York Times.

“The impact is limited to electronic customer check-in and baggage drop,” RTX said.

With MUSE software being used across so many airlines and airports, are other airports now at risk from the same ransomware?

Alan Woodward, an internationally renowned computer security expert with expertise in cybersecurity, cautioned about the potential risks for other airports.

Woodward, who advised the EU’s police agency Europol, suggested that the affected airports might have installed a compromised update on Sept. 19. Another more worrisome scenario suggests that the attackers are using those breaches as leverage, writes DW.

"This could now be a case of Collins trying to get out a version they can be sure is clean of any malicious software. Or it could be the attackers are still in some central system that everybody uses and they're trying to extort Collins by saying: 'There was our proof of concept. We took three major airports out. If you don't pay us money, it's going to spread.'"

Cyberattacks in the aviation industry are rising dramatically

In 2025, the aviation industry saw a 600% year-over-year increase in cyberattacks, according to a recent report by French aerospace company Thales.

“The aviation industry has become a digital battlefield with significant economic and geopolitical interests at stake. The sharp increase in the number of attacks calls for a holistic approach to aviation cybersecurity, further moves to incorporate AI as an ally and closer collaboration between industry and the public sector,” stated Ivan Fontarensky, CTO, Cyber Detection and Response, Thales.

The report further highlights that in addition to disrupting flight operations, cyberattacks can have other objectives. 

Possible ulterior motives of cyberattacks on airports, airlines:

• Industrial cyberespionage
• Access to sensitive technologies
• Disruption of supply chains
• Obtaining high-value information (diplomatic travel itineraries)

Related: Delta Air Lines ordered to make change that will eliminate key flights