• Home
  • cyber
  • Heathrow Airport and Collins Aerospace: Airport chaos highlights rise in high-profile ransomware attacks, cyber experts say
cyber Ransomware

Heathrow Airport and Collins Aerospace: Airport chaos highlights rise in high-profile ransomware attacks, cyber experts say

Jun 16, 2024 2 min read
Heathrow Airport and Collins Aerospace: Airport chaos highlights rise in high-profile ransomware attacks, cyber experts say

European Airports Hit by Major Ransomware Attack, Stranding Thousands

A weekend cyberattack disrupted check-in and boarding systems at multiple major European airports on September 20, 2025, causing widespread flight delays and cancellations. The incident, which affected Heathrow Airport Terminal 4 and other locations, left thousands of passengers stranded as airlines struggled with manual processing.

The attack targeted Collins Aerospace, a subsidiary of RTX, though no ransomware group has yet claimed responsibility. Cybersecurity experts noted that while most ransomware operations focus on financial extortion, a growing subset of attackers particularly Western-based groups are pursuing high-profile targets for reputational clout within criminal networks. Rafe Pilling, Director of Threat Intelligence at Sophos, warned that these "outliers" are becoming more ambitious, prioritizing disruption over purely monetary gains.

The European Union Agency for Cybersecurity (ENISA) confirmed the breach on September 22, highlighting the increasing boldness of cybercriminals. Martyn Thomas, Emeritus Professor of IT at Gresham College, cautioned that such attacks could escalate to critical infrastructure or healthcare systems, risking physical harm if motivations shift.

The incident follows a pattern of rising high-impact ransomware attacks, including a 2024 breach of London’s Transport for London (TfL), which the UK National Crime Agency (NCA) attributed to the Scattered Spider group. That attack, linked to two teenagers, caused millions in losses and demonstrated the growing threat posed by organized cybercriminal networks.

While the exact perpetrators of the airport hack remain unidentified, the event underscores the escalating risks of ransomware as attackers expand their targets and tactics.

Source: https://www.reuters.com/legal/government/airport-chaos-highlights-rise-high-profile-ransomware-attacks-cyber-experts-say-2025-09-22/

Heathrow cybersecurity rating report: https://www.rankiteo.com/company/heathrow-airport

Collins Aerospace cybersecurity rating report: https://www.rankiteo.com/company/collins-aerospace

"id": "HEACOL1768614271",
"linkid": "heathrow-airport, collins-aerospace",
"type": "Ransomware",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Thousands of passengers',
                        'industry': 'Aviation',
                        'location': 'London, UK',
                        'name': 'Heathrow Airport Terminal 4',
                        'type': 'Airport'},
                       {'industry': 'Aerospace and Defense',
                        'name': 'Collins Aerospace',
                        'type': 'Subsidiary'},
                       {'industry': 'Aerospace and Defense',
                        'name': 'RTX',
                        'type': 'Parent Company'}],
 'date_detected': '2025-09-20',
 'date_publicly_disclosed': '2025-09-22',
 'description': 'A weekend cyberattack disrupted check-in and boarding systems '
                'at multiple major European airports on September 20, 2025, '
                'causing widespread flight delays and cancellations. The '
                'incident affected Heathrow Airport Terminal 4 and other '
                'locations, leaving thousands of passengers stranded as '
                'airlines struggled with manual processing. The attack '
                'targeted Collins Aerospace, a subsidiary of RTX, though no '
                'ransomware group has yet claimed responsibility.',
 'impact': {'brand_reputation_impact': 'High',
            'operational_impact': 'Widespread flight delays and cancellations, '
                                  'manual processing of passengers',
            'systems_affected': 'Check-in and boarding systems'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The incident underscores the escalating risks of '
                    'ransomware as attackers expand their targets and tactics, '
                    'particularly the growing trend of high-profile '
                    'disruptions for reputational clout rather than purely '
                    'monetary gains.',
 'motivation': 'Reputational clout within criminal networks, disruption',
 'references': [{'source': 'Sophos (Rafe Pilling, Director of Threat '
                           'Intelligence)'},
                {'source': 'European Union Agency for Cybersecurity (ENISA)'},
                {'source': 'Gresham College (Martyn Thomas, Emeritus Professor '
                           'of IT)'},
                {'source': 'UK National Crime Agency (NCA)'}],
 'regulatory_compliance': {'regulatory_notifications': 'European Union Agency '
                                                       'for Cybersecurity '
                                                       '(ENISA)'},
 'title': 'European Airports Hit by Major Ransomware Attack, Stranding '
          'Thousands',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.