A man allegedly connected to the series of cyberattacks that targeted airports across Europe last week has been arrested by the National Crime Agency (NCA). The arrest took place in the early hours of Wednesday, September 24, 2025, in West Sussex. The 40-year-old man is facing charges in relation to the ransomware attacks that disrupted operations at multiple major airports, including Brussels, Dublin, London Heathrow, and Berlin.
The cyberattacks were reported on Friday, September 19, 2025, when a sophisticated ransomware strain targeted the MUSE (Management and Unification of Systems for the Enterprise) software, which handles baggage and check-in services for several international airports. The malware crippled airport systems, leading to widespread chaos. Over hundreds of flights were canceled, and passengers faced significant delays, while airport staff were forced to revert to manual procedures involving paper and pen to process passengers, which, understandably, slowed down operations considerably.
As of now, the exact nature of the ransomware attack remains undisclosed by authorities, leaving many questions unanswered about the perpetrators’ motivations or how they managed to infiltrate systems. The arrested individual, whose name has not been revealed, has been released on conditional bail pending further investigation.
The Rise of Cybercrime in Critical Infrastructure
This attack highlights the increasing vulnerability of critical infrastructure to cybercriminals. Despite most airports having robust cybersecurity protocols in place, these systems continue to face significant threats from increasingly sophisticated hackers. Techniques such as phishing (fraudulent attempts to obtain sensitive information) and vishing (voice phishing) have become common entry points for malware, which is then used to lock down systems or steal data.
Ransomware attacks often operate through double extortion, where hackers not only demand a ransom to decrypt data but also threaten to release or sell sensitive information if their demands are not met. This combination of tactics makes it even more difficult for authorities and organizations to address the problem and prevent future breaches.
In the case of last week’s cyberattack, it’s likely that an initial phishing or internal threat vector allowed the ransomware to gain access to the airports’ networks. Once inside, the malware encrypted vital systems and forced the airport staff to revert to manual operations—a significant setback for operations already under strain due to the travel rush.
Increasingly Complex Cyber Threats
The sophistication of such cyberattacks is a stark reminder of the evolving landscape of cyber threats, especially against sectors that rely heavily on technology for everyday operations. As airports and other critical services invest in stronger digital security measures, cybercriminals are continuously developing new methods to bypass protections, demonstrating an escalating arms race between cybersecurity professionals and hackers.
Authorities are continuing their investigation into the nature of the attack, with the arrested individual set to face further questioning. The NCA has yet to release further details on whether additional arrests or charges are forthcoming.
