The U.K.’s National Crime Agency (NCA) announced on Wednesday that it has arrested a man in connection with the ransomware attack that disrupted multiple European airports over the weekend.
The cyberattack, which began last Friday, targeted check-in systems operated by Collins Aerospace, a subsidiary of defense giant RTX (formerly Raytheon Technologies). The outage caused widespread travel delays and disruptions at airports in Brussels, Berlin, and Dublin, as well as London’s Heathrow, before systems were restored on Tuesday.
The NCA confirmed that a man “in his forties” was taken into custody in West Sussex on Tuesday under the country’s Computer Misuse Act. He has since been released on conditional bail.
“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said Paul Foster, deputy director and head of the NCA’s National Cyber Crime Unit.
The ransomware attack forced airlines to rely on manual check-in processes, leading to long queues, boarding pass issues, and some flight cancellations.
RTX disclosed details of the incident in an SEC 8-K filing on Wednesday, confirming that ransomware was responsible for the outage but declined to specify the malware strain or the group behind the attack. The company noted that the breach affected software hosted on “customer-specific networks,” forcing airlines to switch to backup procedures.
The European Union Agency for Cybersecurity (ENISA) had already flagged ransomware as the likely cause of the incident earlier this week. RTX has not commented further beyond its regulatory filing.
The investigation remains ongoing as cybersecurity officials continue to assess the impact of the attack on both airlines and passengers.
