UK Arrests Man Linked to Ransomware Attack That Caused Airport Disruptions Across Europe

The U.K.’s National Crime Agency (NCA) announced on Wednesday that a man has been arrested in connection with the ransomware attack that disrupted several European airports over the weekend.

The cyberattack, which began on Friday, targeted check-in systems operated by Collins Aerospace, resulting in delays at Brussels, Berlin, Dublin, and London’s Heathrow airports, with disruptions continuing until Tuesday.

While the NCA did not identify the suspect, officials confirmed he is “in his forties”. They were arrested in West Sussex on Tuesday under the Computer Misuse Act, as part of an investigation into the Collins Aerospace incident. The man has since been released on conditional bail.

“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said Paul Foster, deputy director and head of the NCA’s National Cyber Crime Unit.

When contacted, NCA spokesperson Richard Crowe said the agency had no further comment beyond the official statement.

The cyberattack forced airports and airlines to revert to manual check-ins, causing widespread travel chaos, including boarding pass failures at departure gates and even some flight cancellations.

RTX (formerly Raytheon Technologies), parent company of Collins Aerospace, confirmed in a legally required filing with the U.S. Securities and Exchange Commission (SEC) on Wednesday that the incident involved ransomware.

In the 8-K filing, RTX stated the cybersecurity breach impacted check-in software hosted on customer-specific networks.

“Our customers have shifted to back-up or manual processes and have experienced certain flight delays and cancellations,” the company said.

The confirmation that ransomware was responsible was initially disclosed by the European Union Agency for Cybersecurity (ENISA) on Monday. However, RTX has not provided details on the ransomware variant or the group behind the attack.

A spokesperson for RTX declined to comment further.

Updated with new information from RTX’s SEC filing.