We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of cybersecurity researchers, writers, and editors continues to help readers maintain their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and detailed examination by the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Ransomware Attack Causes Disruptions at Airports Across Europe

By Hendrik Human, Cybersecurity Researcher. Published on September 25, 2025.

A cyberattack targeting Collins Aerospace’s MUSE (Multi-User System Environment) caused major disruptions to check-in and boarding systems across Europe. There were chaotic scenes at airports across the UK, Germany, Belgium, Ireland, and other countries as travelers were left unable to check in, and hundreds of flights were canceled.

The outage began on Friday and has persisted for multiple days. According to an internal crisis communications document obtained by the BBC, over a thousand computers were affected at London’s Heathrow airport alone. Check-in and boarding staff were also instructed to use manual workarounds throughout the recovery process.

The document also revealed that the threat actors were able to persist inside airport systems even after Collins rebuilt and relaunched its systems in an attempt to eject them. In some cases, the corruption was so severe that not even remote restoration was feasible. The European Union Agency for Cybersecurity (ENISA) says a ransomware attack was the cause.

The impact remained significant up until Tuesday, 23 September. Data from FlightRadar shows that 80%+ of flights were delayed at major airports like Heathrow, Gatwick, Schiphol, Madrid, and Rome (FCO). Brussels Airport was also forced to cancel 140 flights on Monday. Airports were expecting continued minor disruptions throughout Wednesday or Thursday as well, but delays had dropped to the 30-40% range at the time of writing.

The UK’s NCSC said that it was “working with Collins Aerospace and affected UK airports, alongside the Department for Transport and law enforcement colleagues, to fully understand the impact of the incident.”

No threat actor has claimed responsibility for the incident yet. However, researchers suspect that ShinyHunters or its partner Scattered Spider is to blame. Both gangs are notorious, with ShinyHunters being implicated in an ongoing wave of Salesforce data breaches. Earlier this year, Scattered Spider also aggressively targeted US companies with sophisticated social engineering and ransomware attacks.

Collins Aerospace is one of the world’s largest aerospace and defense solutions companies, owned by RTX (formerly Raytheon). Airports around the world use its software for check-in and boarding procedures, including managing luggage as well as printing boarding passes and luggage tags.

About the Author

Hendrik is a writer at vpnMentor, specializing in VPN comparisons and user guides. With 5+ years of experience as a tech and cybersecurity writer, plus a background in corporate IT, he brings a variety of perspectives to test VPN services and analyze how they address the needs of different users.
