UK Police Arrested Man Linked to Ransomware Attack That Crippeled European Airports

A man in his forties has been arrested in West Sussex, England, in connection with a cyber-attack that has caused days of widespread disruption at several major European airports, including London’s Heathrow.

The UK’s National Crime Agency (NCA) confirmed the man was arrested on Tuesday evening on suspicion of offenses under the Computer Misuse Act and has since been released on conditional bail, reports the BBC.

The arrest is part of an ongoing investigation into a significant cyber incident that targeted Collins Aerospace, a U.S.-based company that provides critical check-in and baggage software to numerous airlines.

The attack, which began on Friday night, September 19, 2025, involved ransomware, according to the European Union’s cyber-security agency (ENISA).

Paul Foster, head of the NCA’s National Cyber Crime Unit, stated, “Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing”. He emphasized that cybercrime remains a “persistent global threat” causing significant disruption.

Widespread Airport Chaos

The failure of Collins Aerospace’s Muse software, a cloud-based platform for passenger processing, led to severe operational problems at airports across Europe, including those in Brussels, Dublin, and Berlin.

The disruption resulted in hundreds of flight delays and cancellations over the weekend and into the following week. Airports were forced to switch to manual systems, with staff using pen and paper for check-in and boarding procedures.

At Heathrow, extra staff were deployed to assist passengers, but delays continued. An internal memo revealed that Collins Aerospace was still struggling to bring its systems back online after a failed attempt to relaunch them on Monday.

The company has not provided a timeline for recovery and has urged airlines and ground handlers to plan for at least another week of manual workarounds.

On Wednesday, Berlin Airport reported that check-in and boarding were still “largely manual,” leading to “longer processing times, delays, and cancellations by airlines”.

Ransomware attacks are designed to paralyze a victim’s systems until a payment, typically in cryptocurrency, is made.

While the vast majority of flights at Heathrow are now operating as usual, the airport continues to advise passengers to check their flight status before traveling.

The UK’s National Cyber Security Center (NCSC) confirmed it is working with Collins Aerospace, affected airports, and law enforcement to understand the incident’s impact fully.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.