Ransomware Attack on RTX Grounds Flights Across Europe
A ransomware attack on RTXs passenger software has delayed flights at major European airports, including Heathrow. Technical details reveal how hackers hit the MUSE system.
Europe’s busiest airports just got slammed. A ransomware attack on RTX’s passenger boarding software has left Heathrow, Brussels, Berlin, and Dublin facing flight chaos. Thousands of travelers stranded. Airlines scrambling. The breach? It hit the digital heart of how airports move people and bags.
The Ransomware That Grounded Europe’s Skies
On September 19, 2025, RTX Corp.—parent of Collins Aerospace—confirmed its airline passenger processing software was hit by ransomware. The culprit: the Multi-User System Environment (MUSE). This system checks in passengers, boards flights, and tracks baggage for dozens of airlines. When it went dark, so did boarding gates across Europe.
The hack didn’t just hit one airline. Heathrow, Brussels, Berlin, and Dublin airports all reported disruption. Passengers posted images of massive queues, missed connections, and staff forced to process everything by hand. Heathrow advised fliers to show up three hours early for long-haul trips.
RTX says the attack came through a third-party vendor—not through their main corporate network. U.K. police have already arrested a suspect in his 40s under the Computer Misuse Act. RTX is now working with forensic experts and law enforcement on both sides of the Atlantic. The company has notified affected customers and is providing technical support as airports rush to restore normal service.
Crowds at airport check-in after cyberattack
Why This Attack Really Matters
Here’s why this matters:
-
Millions of travelers are impacted. The MUSE system is used by dozens of airlines at Europe’s largest airports.
-
Airports lost their digital backbone. When MUSE went down, even basic tasks—boarding, baggage, check-in—became manual.
-
Ripple effect on global flights. Delays in London, Brussels, or Berlin mean missed connections worldwide.
-
Trust in aviation security is shaken. If core systems can be taken offline, what else is vulnerable?
-
Ransomware is now an aviation threat, not just an IT problem. Attackers are targeting the software that moves people, not just company emails.
| Impact Area | Details |
|---|---|
| Passengers | Delays, missed flights, manual check-in |
| Airlines | Lost revenue, reputation hit, IT scramble |
| Airports | Security reviews, incident response overhaul |
| Industry | Wake-up call for supply chain vulnerabilities |
Competitors are watching closely. If a single third-party software can trigger this scale of chaos, every airline and airport is now on red alert. Regulators are already demanding answers from RTX and affected airports, with possible fines on the table.
How Hackers Got In: The Technical Breakdown
The attack targeted the MUSE system, a passenger processing platform that sits on customer-specific networks—not RTX’s main internal network. Think of MUSE as the digital glue that holds airport operations together: check-in, boarding, baggage, and more.
Hackers exploited a third-party vendor with access to MUSE. Once inside, they deployed ransomware, locking critical systems and forcing airlines to switch to backup manual processes.
Ransomware works by encrypting files and demanding payment to unlock them. In this case, the attack was fast and coordinated, leaving little time for staff to respond.
RTX’s SEC filing confirms the hack was limited to the MUSE environment, not the company’s core enterprise systems. But that distinction means little when thousands of flights are delayed.
No specific vulnerability (like a CVE) has been named yet. RTX says the investigation is ongoing. Technical details not yet disclosed on the exact ransomware strain or initial access vector. What’s clear: supply chain attacks on aviation software are now a serious risk.
So Where Does This Go From Here?
So where does this go from here?
-
Expect more airport delays until MUSE systems are fully restored. Manual processes are slow.
-
Aviation regulators will likely demand new supply chain security standards.
-
RTX and its vendors face major scrutiny. Future contracts may hinge on better software isolation and faster recovery.
-
Copycat attacks are possible. Ransomware crews know aviation is vulnerable—and lucrative.
Prediction: We’ll see airlines and airports investing heavily in incident response, backup systems, and third-party risk audits. Passengers may face more ID checks and longer waits as digital systems are hardened.
Bottom line:
Europe’s airport chaos wasn’t caused by fog or pilots—it was ransomware targeting the software that keeps planes moving, and every airport should now treat digital infrastructure as mission-critical.