A cyberattack that has caused major airport disruptions in the United Kingdom, Germany and Belgium was caused by ransomware, the European Union Agency for Cybersecurity (ENISA) says.

In a statement on Monday, ENISA said law enforcement was involved to investigate the software that holds data until those targeted pay to have their access back.

Recommended Stories

list of 3 itemsend of list

ENISA did not elaborate on where the ransomware had originated.

Since Friday night, several of Europe’s biggest airports have faced disruptions after hackers took out automated check-in systems developed by Collins Aerospace, affecting dozens of flights and thousands of passengers.

Collins Aerospace, owned by weaponsmaker RTX, formerly Raytheon Technologies, said on Monday that it was working with the airports targeted by the ransomware, including Brussels and London’s Heathrow, and was in the final stages of completing updates to help restore them to full functionality.

However, Berlin Brandenburg Airport still did not have its check-in systems restored on Monday, and delays of more than an hour for departures were reported.

At Brussels Airport, iPads and laptops were being used to check in passengers online. Among the 550 departing and arriving flights on Monday, 60 had to be cancelled, the airport said.

According to Rafe Pilling, director of threat intelligence at the British cybersecurity firm Sophos, there have been more ransomware attempts targeting high-profile victims due to the attention they bring but these kinds of attacks have not been happening frequently.

Advertisement

“Disruptive attacks are becoming more visible in Europe, but visibility doesn’t necessarily equal frequency,” he told the Reuters news agency.

“Truly large-scale, disruptive attacks that spill into the physical world remain the exception rather than the rule,” he added.

Last week, the German industry group Bitkom found that in a survey of about 1,000 companies, malicious software was the most common form of cyberattack. One in seven of the companies reported having paid a ransom to access data that had been locked up.

It added that the most effective method remained cyberattacks, often carried out with ransomware, and ransom payments had reached a record high of 202 billion euros ($238bn) this year.