Airport chaos highlights rise in high-profile ransomware attacks: cyber experts

by | Sep 22, 2025 | Eco/Invest/Demography, International News, Non-Life, Risk Management, Technology | 0 comments

The European Union’s cybersecurity agency ENISA confirmed on Monday that the hack on Collins Aerospace, owned by RTX , was a ransomware attack, but did not say where the attack originated from. The outage, which hit check-in and baggage drop services, has affected dozens of flights since Friday

LONDON: Cybercriminals are taking greater risks by hitting high-profile targets to get bigger payoffs and boost their online reputational clout, cybersecurity experts said, after a weekend hack crippled airport check-in systems across Europe and stranded thousands of passengers.

The European Union’s cybersecurity agency ENISA confirmed on Monday that the hack on Collins Aerospace, owned by RTX , was a ransomware attack, but did not say where the attack originated from. The outage, which hit check-in and baggage drop services, has affected dozens of flights since Friday.

“Broadly, the majority of ransomware activity is still geared towards extortion through data encryption and theft,” said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.

“The subset of attacks deliberately engineered for maximum disruption, often by Western-based groups, are the outliers, but they are becoming more visible and more ambitious,” he added.

It was not clear which group was behind the hack. Ransomware gangs routinely publicise attacks and leak stolen data on dark web “leak sites,” but websites that monitor those portals had not, as of Monday, detected any group claiming Collins Aerospace, or RTX, as a target.

Ransomware is malicious software used by cybercriminals to encrypt a company’s data and demand payment for its release. They typically operate in the shadows, and many try to avoid targets which might earn them unwanted attention from law enforcement agencies.

Other groups, however, are becoming more brazen in the kind of targets they choose, cybersecurity experts said.

In April, a group of hackers dubbed Scattered Spider was widely reported to be behind an attack that crippled British retailer Marks & Spencer (MKS.L), opens new tab, preventing one of the best-known names in British retailing from taking online orders for weeks.

Last Thursday, Britain’s National Crime Agency charged two teenagers over a 2024 cyberattack on London’s Transport for London, which it said caused “significant disruption and millions in losses”.

Reuters

Submit a Comment

Your email address will not be published. Required fields are marked *