Article Details

UK arrests suspect for RTX ransomware attack causing airport disruptions. The UK's National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European airports. The NCA stated that the arrest was made following an investigation into the cyberattack that impacted Collins Aerospace's Multi-User System Environment (MUSE) passenger processing software. "NCA officers, supported by the South East ROCU, arrested a man in his forties in West Sussex yesterday evening on suspicion of Computer Misuse Act offences," the law enforcement agency said in a Wednesday press release. "Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing," Paul Foster, head of the NCA's National Cyber Crime Unit, added. While the investigation is ongoing, the suspect has since been released on conditional bail, according to an NCA statement. RTX Corporation (formerly Raytheon Technologies), the owner of Collins Aerospace, which employs over 186,000 people worldwide and has reported revenues of over $80 billion last year, has confirmed that a MUSE ransomware attack is causing disruptions at European airports. "This software enables multiple airlines to share check-in and gate resources at airports, including baggage handling. The MUSE airport systems operate outside of the RTX enterprise network, residing on customer-specific networks," RTX said in a filing with the Securities and Exchange Commission (SEC) on Wednesday. The ransomware attack was detected on Friday, September 19, when the first reports of flight delays emerged, and has caused a wave of flight cancellations and delays. The list of airports experiencing technical difficulties includes Heathrow in London, Brussels Airport, Cork and Dublin airports in Ireland, Berlin Brandenburg Airport, and many others. "Upon detecting the incident, the Company activated its incident response plan and promptly took steps to assess, contain, respond to and remediate the incident. The Company is diligently investigating the incident with the assistance of internal and external cybersecurity experts and has notified domestic and international law enforcement authorities and certain other government agencies," RTX added. "The Company is also communicating with its customers and other stakeholders and providing technical support and guidance to affected airlines and airports. Our customers have shifted to back-up or manual processes and have experienced certain flight delays and cancellations." Picus Blue Report 2025 is Here: 2X increase in password cracking 46% of environments had passwords cracked, nearly doubling from 25% last year. Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.