UK Arrests Man Linked to Europe Airport Ransomware Attack

Ransomware Attack: Arrest Made in U.K.

The National Crime Agency (NCA) of the U.K. announced on Wednesday the arrest of a man linked to the ransomware attack that has disrupted operations at multiple European airports since the weekend.

Airport Disruptions and Initial Impact

The cyberattack, which commenced on Friday, specifically targeted the check-in systems supplied by Collins Aerospace. This resulted in significant delays at airports including Brussels, Berlin, and Dublin.

London’s Heathrow Airport also experienced disruptions, which persisted until Tuesday. The incident caused considerable inconvenience for travelers.

Details of the Arrest

The NCA has not publicly identified the individual. However, they confirmed he is in his forties and was apprehended in West Sussex on Tuesday.

The arrest was made under the Computer Misuse Act, as part of an ongoing investigation into the cyber incident affecting Collins Aerospace.

Following his arrest, the man was released on conditional bail, as stated by the agency.

NCA Statement and Ongoing Investigation

Paul Foster, deputy director and head of the NCA’s National Cyber Crime Unit, emphasized that the investigation is still in its early phases.

“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” Foster stated.

Richard Crowe, an NCA spokesperson, indicated that no further information would be released beyond the initial press statement when contacted by TechCrunch.

Widespread Travel Chaos

The cyberattack on Friday led to widespread travel delays and significant disruption.

Boarding passes malfunctioned at departure gates, and some flights were canceled. Many affected airports and airlines were forced to implement manual check-in procedures.

RTX Confirms Ransomware Involvement

RTX, the parent company of Collins Aerospace (formerly Raytheon Technologies), confirmed the ransomware attack in a notice filed with the U.S. Securities and Exchange Commission on Wednesday.

The company described the cybersecurity incident as “involving ransomware,” but did not disclose details regarding the specific type of ransomware or the perpetrators.

Impact on Systems and Operations

RTX stated that the incident impacted its check-in software, which operates “on customer-specific networks.”

“Our customers have shifted to back-up or manual processes and have experienced certain flight delays and cancellations,” RTX reported.

The confirmation of ransomware as the cause of the outage was initially revealed by the European cybersecurity agency ENISA on Monday.

Requests for comment from an RTX spokesperson went unanswered.

This article has been updated to include information from RTX’s SEC filing.