Europe Airport Chaos Highlights Rise in High-Profile Ransomware Attacks: Cyber Experts

Cybercriminals are taking greater risks by hitting high-profile targets to get bigger payoffs and boost their online reputational clout, cybersecurity experts said, after a weekend hack crippled airport check-in systems across Europe and stranded thousands of passengers. The European Union’s cybersecurity agency ENISA confirmed on Monday that the hack on Collins Aerospace, owned by RTX, was a ransomware attack, but did not say where the attack originated from.

The outage, which hit check-in and baggage drop services, has affected dozens of flights since Friday. While the exact extent of the damage is still being assessed, it's clear that cybercriminals are becoming increasingly brazen in their attacks on high-profile targets.

"Broadly, the majority of ransomware activity is still geared towards extortion through data encryption and theft," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm. "However, there is a subset of attacks deliberately engineered for maximum disruption, often by Western-based groups, which are becoming more visible and more ambitious."

Ransomware gangs routinely publicize attacks and leak stolen data on dark web "leak sites," but websites that monitor those portals had not, as of Monday, detected any group claiming Collins Aerospace, or RTX, as a target. This lack of attribution adds to the concerns around the rise in high-profile ransomware targets.

Ransomware is malicious software used by cybercriminals to encrypt a company’s data and demand payment for its release. They typically operate in the shadows, and many try to avoid targets which might earn them unwanted attention from law enforcement agencies.

Other groups, however, are becoming more brazen in the kind of targets they choose, cybersecurity experts said. In April, a group of hackers dubbed Scattered Spider was widely reported to be behind an attack that crippled British retailer Marks & Spencer, preventing one of the best-known names in British retailing from taking online orders for weeks.

Last Thursday, Britain’s National Crime Agency charged two teenagers over a 2024 cyberattack on London’s Transport for London, which it said caused "significant disruption and millions in losses." The NCA said investigators believed the TfL attack was carried out by members of Scattered Spider. The FBI has said Scattered Spider was involved with approximately 120 network intrusions, and has earned around $115 million in ransom payments.

"It’s clear from the number of recent cyberattacks and their impact that this is a problem that will grow, possibly rapidly, until software developers get much better at writing secure software and company IT staff get much better at evaluating the security of software their company chooses to purchase or use remotely," said Martyn Thomas, Emeritus Professor of IT at Gresham College, London.

"We have been lucky so far, as the motivation of cyber criminals has been disruption or financial gain. If they were to decide to cause serious injury or many deaths, the same attack strategies could be used on critical systems in healthcare or major infrastructure," Thomas added.

One potential factor adding to the rise in higher profile and more criminally risky ransomware targets is the pursuit of reputation within criminal circles: The bigger the target, the more online clout cybercriminals have with other hackers. “A small but determined set of largely Western-based cybercriminals are honing their skills and becoming emboldened by their past success and the success of others,” said Pilling at Sophos.

"Their motivation isn’t only financial though and pulling off a high-impact breach also brings social standing and credibility within their peer networks." As the threat landscape continues to evolve, cybersecurity experts are urging companies and governments to take notice and prepare for the worst. The stakes have never been higher, with cybercriminals pushing the boundaries of what is possible and the consequences of inaction becoming increasingly dire.