ARINC are flying engineers out to airports to try to fix terminals.

Brussels airport, EBBR, have issued this NOTAM: “AD LTD DUE TO AN IT SYSTEM DISRUPTION. AIRLINES ARE TO CANCEL 50
PERCENT OF THEIR DEPARTING PASSENGER FLIGHTS IN THIS TIMEFRAME”

The ARINC incident continues https://www.bbc.co.uk/news/articles/cwy88857llno

Also for anybody interested, ARINC is where the cyber incident is.

ARINC were basically the OG airport network provider, from 1929. ARNIC were sold to Carlyle Group (private equity) in 2007, who sold them to Rockwell Collins in 2013, who sold to United Technologies in 2018, who merged to form Collins Aerospace. Their network looks a mess of US corporate shenanigans… webmail doesn’t even require https yet 😅

Worth noting that airplanes are incredibly safe and resilient after extensive regulation and open and transparent investigations of every air incident…

when you land on the ground, however, air travel is caught in the same cybersecurity bullshit every other industry is caught up in.

After ARINC restored domain controllers from backup, the threat actor got back in and started trashing more stuff. 🫡

The whole thing is a mess, they probably want to pause, take a breathe, and think about flushing out attacker before rebuilding things.

Berlin Airport ran at 70% delays yesterday

https://www.dailyfinland.fi/europe/45344/Long-delays-at-Berlin-airport-as-authority-confirms-ransomware-attack

I’ve confirmed today that Heathrow, Berlin and Dublin all still have no Muse terminals restored. I haven’t checked other airports. It’s even more complicated because Muse both processes and stores biometrics of passengers.

"Before we reconnect our system, we must be 100% sure that there are no malware programmes left," the BER spokesman said.

The Europe airlines ransomware situation is a variant of Hardbit ransomware, which doesn’t have a portal and is incredibly basic.

They’ve had to restart recovery again as the devices keep getting reinfected. I’ve never seen an incident like it. Somebody like the NCSC needs to go in and help them with IR.

Look at Dublin airport, reporters starting to realise it never actually got fixed 😅

https://www.thejournal.ie/dublin-airport-issues-timeline-fix-6824817-Sep2025/

Flight delays today:

Heathrow 78%
Brussels 79%
Dublin 68%
Berlin 86%

All are vMuse. London City isn't on vMuse, they're at 35% as a point of comparison.

NPR and PBS have somehow managed to run a completely bollocks article linking the EU airport thing to AI - the article itself written by an AI cybersecurity vendor. https://www.wgcu.org/science-tech/2025-09-23/detection-expert-says-hackers-likely-used-ai-to-penetrate-airport-system

It's completely false. The payloads used in this one are detected by free Defender AV with a decade old static AV detections. This is not some cyber mega attack by a ransomware group: it's extremely poor security hygiene.

If your board is concerned about the EU ransomware thing - there is no need to be concerned. It is not a wider issue.

It wouldn't surprise me if the person arrested turns out to be an employee trying to do incident response or some such (I'm not saying they're guilty, at all).

It's an extremely unusual incident and essentially involves lax cybersecurity and confused response.

ARINC/Collins have been unable to restore the systems in Brussels airport so they are ripping out and replacing everything.

https://www.lesoir.be/700923/article/2025-09-24/cyberattaque-brussels-airport-un-nouveau-systeme-deploye-ce-lundi-avec-lespoir

HT @0xThiebaut

There’s a bit more info here: https://www.aviation24.be/airports/brussels-airport-bru/accelerate-rollout-of-new-check-in-system-after-cyberattack-on-collins-aerospace-software/

They will keep cancelling 10% of flights each day for the foreseeable future.

Flight delays today:

Heathrow 90%
Brussels 89%
Dublin 84%
Berlin 86%

All are vMuse. London City isn't on vMuse, they're at 33% as a point of comparison.

In terms of recovery:

- Heathrow going nowhere, manual workarounds to issue bag tags and boarding passes, airlines have been told to maintain continency measures until w/c October 6th

- Brussels Airport are manual workarounds to issue bag tags and boarding passes, and are ripping out all their vMuse terminals and Muse IT infrastructure and replacing them

- Dublin making progress to starting restoration

- Berlin manual workarounds to issue bag tags and boarding passes

A bit more on Berlin: https://www.heise.de/en/news/Cyberattack-on-airports-Problems-continue-at-BER-and-one-arrest-10669689.html

https://www.travelandtourworld.com/news/article/berlin-brandenburg-airport-in-full-crisis-mode-as-cyberattack-forces-drastic-measures-leaving-travelers-exposed-to-delays-and-confusion/

Aer Lingus have got their check in terminals working again at Dublin Airport

https://ittn.ie/travel-news/aer-lingus-electronic-check-in-and-bag-drop-facilities-fully-operational-again-following-airport-cyber-attack/

Flight delays today:

Heathrow 95%
Brussels 94%
Dublin 76%
Berlin 80%

All are vMuse. London City isn't on vMuse, they're at 33% as a point of comparison.

If you're traveling via Heathrow, Brussels, Dublin or Berlin airport this weekend - flights are running fine but average 90% delays still.

Check in online (rather than at the airport). If you need to baggage drop add about ~30 mins to your usual schedule.

Expectation is this will last for about another week or two due to the ongoing issues at ARINC/Collins/RTX.

The exceptions are British Airways and Aer Lingus, who are okay now and extra staffed too.

Flight delays today:

Heathrow 81%
Brussels 81%
Dublin 73%
Berlin 77%

I'm probably going to stop tracking this one for now, basically the impacted airports are mostly okay to travel through, check in online basically.

Airports did a really good at being resilient, by falling back to paper and/or using online check in.

Collins, less so.