Tria Labs Logo_White_PNG
TriaLabs
UK arrests suspect for RTX ransomware attack causing airport disruptions
uk-arrests-suspect-for-rtx-ransomware-attack-causing-airport-disruptions
Sergiu Gatlan
September 24, 2025
Cybersecurity

The UK's National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European airports.

The NCA stated that the arrest was made following an investigation into the cyberattack that impacted Collins Aerospace's Multi-User System Environment (MUSE) passenger processing software.

"NCA officers, supported by the South East ROCU, arrested a man in his forties in West Sussex yesterday evening on suspicion of Computer Misuse Act offences," the law enforcement agency said in a Wednesday press release.

"Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing," Paul Foster, head of the NCA's National Cyber Crime Unit, added.

While the investigation is ongoing, the suspect has since been released on conditional bail, according to an NCA statement.

RTX Corporation (formerly Raytheon Technologies), the owner of Collins Aerospace, which employs over 186,000 people worldwide and has reported revenues of over $80 billion last year, has confirmed that a MUSE ransomware attack is causing disruptions at European airports.

"This software enables multiple airlines to share check-in and gate resources at airports, including baggage handling. The MUSE airport systems operate outside of the RTX enterprise network, residing on customer-specific networks," RTX said in a filing with the Securities and Exchange Commission (SEC) on Wednesday.

The ransomware attack was detected on Friday, September 19, when the first reports of flight delays emerged, and has caused a wave of flight cancellations and delays.

The list of airports experiencing technical difficulties includes Heathrow in London, Brussels Airport, Cork and Dublin airports in Ireland, Berlin Brandenburg Airport, and many others.

"Upon detecting the incident, the Company activated its incident response plan and promptly took steps to assess, contain, respond to and remediate the incident. The Company is diligently investigating the incident with the assistance of internal and external cybersecurity experts and has notified domestic and international law enforcement authorities and certain other government agencies," RTX added.

"The Company is also communicating with its customers and other stakeholders and providing technical support and guidance to affected airlines and airports. Our customers have shifted to back-up or manual processes and have experienced certain flight delays and cancellations."

https://www.bleepingcomputer.com/news/security/uk-arrests-suspect-for-rtx-ransomware-attack-causing-airport-disruptions/
Linkedin
Twitter
Email