Authorities in the United Kingdom have arrested a man suspected of orchestrating a ransomware attack that disrupted operations at major European airports, including London Heathrow.
The National Crime Agency (NCA) confirmed the arrest of a man in his forties in West Sussex on Tuesday evening, on suspicion of offences under the Computer Misuse Act.
The individual has since been released on bail as the investigation into the cyber incident, which targeted Collins Aerospace, continues.
Arrest and Ongoing Investigation
The suspect’s detention marks the first breakthrough in a probe launched after Collins Aerospace’s baggage handling and check-in systems failed last Friday night.
Airlines relying on the US company’s software were forced to revert to pen-and-paper processes, triggering hundreds of flight delays and cancellations across Heathrow, Brussels, Dublin, and Berlin.
According to an internal Heathrow memo seen by the BBC, Collins Aerospace engineers attempted to restore services on Monday but ultimately chose to rebuild the affected modules from scratch.
Paul Foster, head of the NCA’s national cybercrime unit, described the arrest as a “positive step,” but cautioned that the investigation remains in its early stages.
Impact on Airport Operations
Heathrow Airport deployed extra staff in terminal departure halls to manage manual check-in and baggage screening, yet delays persisted throughout the week.
Berlin Airport noted that check-in and boarding processes were still “largely manual,” resulting in prolonged processing times and sporadic cancellations.
Brussels Airport advised travellers to complete online check-in before arriving, while Dublin Airport continued to experience knock-on effects from weekend disruptions.
Passengers were urged to confirm flight statuses in advance and to allow for extended waiting times at security checkpoints.
On Monday, the European Union Agency for Cybersecurity (ENISA) confirmed that ransomware had been deployed in the attack, encrypting critical system files and demanding payment in cryptocurrency to decrypt them.
Such tactics are increasingly favoured by organised crime syndicates, which raked in hundreds of millions of pounds from ransom payments last year.
A report from Thales, the French aerospace and defence contractor, revealed a 600% surge in cyber-attacks against aviation entities over the past year, underscoring the sector’s growing vulnerability.
Collins Aerospace’s parent, RTX Corporation, welcomed the NCA’s assistance and stressed that it could not yet provide a timeline for full service restoration.
Ground handlers and airline partners have been advised to maintain manual workarounds for at least one more week.
The company’s priority remains ensuring data integrity and reinforcing system resilience to prevent future incursions.
As investigations proceed, industry experts are calling for heightened information sharing and joint contingency planning among airports, regulators, and software providers.
The recent incident illustrates the severe operational and safety risks posed by ransomware and underscores the critical need for robust cybersecurity defences in an increasingly digitised aviation ecosystem.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates
%20(1).webp?resize=1600,900&ssl=1&description=The National Crime Agency (NCA) confirmed the arrest of a man in his forties in West Sussex on Tuesday evening, on suspicion of offences under the Computer Misuse Act.){kind=link}