UK arrests man in airport ransomware attack that caused delays across Europe

The National Crime Agency of the United Kingdom arrested a man from West Sussex as part of a ransomware attack which caused significant flight delays last week and forced many airlines to manually check passengers and luggage. The cyber attack had an impact on several airports across Europe, including Heathrow from London and Brandeburg de Berlin. The agency shared little on the arrest in its announcement today, apart from that the target was “a man in his forties” and that he was released under conditional surety as the investigation progresses.

The attack has targeted the environment of the multi-user system (MUSE) used by airports, software developed by Collins Aerospace which allows several airlines to share a single registration office. While some large airlines like British Airways have been able to switch to a backup system and minimize the impact, many small suppliers have used passengers in manually recording, which has largely fallen into disgrace in the era of smartphones and self-service kiosks.

The information is very limited, although it does not seem to be a particularly sophisticated attack carried out by a powerful cabal. Cybersecurity expert Kevin Beaumont said on Mastodon that a very simple ransomware tool called Hardbit was the weapon of choice. However, Bleeping Compompute said his sources suggest that a different variant called Loki has been used. But, as Bleeping Compompute Underlines, the two are ransomware tools as a service, and generally used in smaller attacks, and not the kind of thing that brings air traffic to a whole continent.