NCA Arrests Suspect Linked to Collins Aerospace Ransomware Incident

Britain’s National Crime Agency has arrested a man in connection with a ransomware attack on Collins Aerospace, which caused severe disruptions at several European airports.

 

Collins Aerospace, a unit of RTX, provides the vMUSE system used for check-in, baggage tagging, and boarding. A cyberattack on the platform caused widespread flight delays and cancellations over the weekend.

 

In a security notice, Brussels Airport confirmed that a cyberattack on Collins Aerospace disrupted operations at several European airports, including its own. A Heathrow spokesperson stated that most flights were operating normally, though some experienced delays at check-in and boarding.

 

“This system is not owned or operated by Heathrow, so while we cannot resolve the IT issue directly, we are supporting airlines and have additional colleagues in the terminals to assist passengers.”

 

Airports in Dublin and Berlin have also faced delays due to IT issues. With kiosks and bag-drop machines offline, airline staff have had to switch to manual processing. A spokesperson for Dublin Airport stated that no cancellations were expected on Monday, though they could not be ruled out. On Sunday, Aer Lingus reported being “significantly impacted” by the disruption.

 

The EU Agency for Cybersecurity (ENISA) confirmed that Collins Aerospace was hit by a ransomware attack, where hackers infiltrated its network, stole sensitive data, and encrypted key systems—demanding ransom for a decryption key.

 

On September 24, the National Crime Agency (NCA) announced in a press release that a man had been arrested in West Sussex in connection with a cyber incident affecting Collins Aerospace. The arrest was made on suspicion of offences under the Computer Misuse Act. The individual has since been released on conditional bail.

 

In a statement shared with the media, Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said, “Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing.

 

“Cybercrime is a persistent global threat that continues to cause significant disruption to the UK. Alongside our partners here and overseas, the NCA is committed to reducing that threat in order to protect the British public,” he added.