UK Police Arrest Suspect Tied to Ransomware Attack on European Airports

A person in his forties has been arrested in connection with a cyber-attack that caused days of disruption at several major European airports, including London Heathrow.

The National Crime Agency (NCA) confirmed that officers detained the man on Tuesday evening in West Sussex on suspicion of offences under the Computer Misuse Act. He has since been released on bail as investigations continue.

Arrest and Investigation

The NCA said the arrest was made “as part of an investigation into a cyber incident impacting Collins Aerospace,” the US-based supplier of baggage handling and check-in software.

Collins Aerospace systems failed on Friday night, forcing airlines and ground handlers at airports such as Heathrow, Brussels, Dublin and Berlin to resort to pen, paper and manual processes.

An internal memo seen by the BBC revealed that Heathrow staff were informed of continued system difficulties and advised of contingency procedures.

Paul Foster, head of the NCA’s national cyber crime unit, described the arrest as a positive step but stressed that the inquiry is still at an early stage and remains ongoing.

Collins Aerospace’s parent company, RTX Corporation, expressed gratitude for the NCA’s “ongoing assistance in this matter.”

The US firm declined to provide a timeline for restoring automated services and urged airlines and ground handlers to plan for at least another week of manual workarounds.

The ransomware attack led to hundreds of flight delays and cancellations over the weekend, with some airports still grappling with knock-on effects this week.

Heathrow Airport noted that most flights are now operating as normal but advised passengers to check flight status before traveling.

Berlin Airport reported that check-in and boarding remain largely manual, causing longer processing times and sporadic cancellations.

Brussels Airport encouraged travelers to complete online check-in ahead of arriving at the terminal.

On Monday, the European Union Agency for Cybersecurity (ENISA) confirmed that ransomware was deployed in this incident.

Ransomware attacks encrypt critical systems and demand payment often in cryptocurrency to restore data.

Such attacks have surged in the aviation sector, with organized cyber-crime gangs earning hundreds of millions of pounds annually from ransoms.

According to a report, cyber-attacks targeting aviation have increased by around 600 percent over the past year.

While the suspect remains on bail, the wider inquiry will seek to unravel the full extent of the attack, its origins and any potential links to other high-profile breaches.

For now, airports and airlines are bracing for further manual operations as they work with Collins Aerospace and law enforcement to secure systems and prevent a recurrence.

Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.