UK arrests man in airport ransomware attack that caused delays across Europe

The UK’s National Crime Agency arrested a man in West Sussex in connection with a ransomware attack that caused significant flight delays last week and forced many airlines to check passengers and luggage manually. The cyberattack

impacted several airports across Europe, including London’s Heathrow and Berlin’s Brandenburg. The agency shared little about the arrest in its announcement today other than that the target was “a man in his forties” and that he was released on conditional bail as the investigation progresses.

The attack targeted the Multi-User System Environment (MUSE) used by airports, a piece of software developed by Collins Aerospace which allows multiple airlines to share a single check-in desk. While some larger airlines like British Airways were able to switch to a backup system and minimize the impact, many smaller providers resorted to manually checking-in passengers, something that has largely fallen out of favor in the era of smartphones and self-serve kiosks.

Information is very limited, though it does not appear that this was a particularly sophisticated attack carried out by some powerful cabal. Cyber security expert Kevin Beaumont claimed on Mastodon that a very simple ransomware tool called Hardbit was the weapon of choice. Though, BleepingComputer says its sources are suggesting a different variant called Loki was used. But, as BleepingComputer points out, both of these are Ransomware-as-a-Service tools, and generally used in smaller scale attacks, not the sort of thing that brings air traffic to a crawl across an entire continent.