The European Union has confirmed that a massive cyberattack on several major European airports was triggered by a coordinated ransomware operation, raising new fears about the vulnerability of the continent’s aviation infrastructure.
Officials in Brussels described the incident as “one of the most significant cyber intrusions in the sector to date,” noting that the European airport cyberattack temporarily disrupted flight schedules, baggage systems, and internal communications across multiple countries.
European Commissioner for Home Affairs, Ylva Johansson, told reporters on Monday that forensic analysis of the breach showed ransomware was deployed simultaneously against airports in Germany, France, Italy, and the Netherlands.
“This was not a random incident. It was a deliberate, well-planned, and highly coordinated attack targeting some of Europe’s most critical transport hubs,” Johansson said.
She added that the EU was working closely with Europol and national cybersecurity agencies to trace the origin of the attack, stressing that “all evidence points to ransomware as the primary tool.”
Passengers at several airports reported long queues, check-in delays, and malfunctioning digital kiosks. At Paris Charles de Gaulle, screens displaying flight information went blank for nearly three hours, forcing staff to direct travelers manually.
In Frankfurt, Germany’s busiest airport, baggage handling systems failed, leaving thousands of bags stranded. “It was chaos,” said Lars Meyer, a passenger flying to Madrid. “People didn’t know whether their flights were leaving, and staff were just as confused.”
Cybersecurity experts who have been monitoring the incident say the European airport cyberattack bears hallmarks of advanced criminal groups operating with state-level resources.
Dr. Helena Kruger, a researcher at the Cyber Defence Institute in Stockholm, told The European Review that the sophistication of the ransomware suggested it was not the work of amateurs.
“The malware used multi-layered encryption techniques and evasion tactics we usually associate with nation-state actors,” she explained. “That does not necessarily mean a government was behind it, but the level of skill is undeniable.”
The ransomware, once inside airport IT networks, encrypted large volumes of operational data, demanding payment in cryptocurrency for decryption keys.
According to sources in the French interior ministry, ransom notes requested sums equivalent to €10 million from each targeted airport. “We do not negotiate with criminals,” Interior Minister Gérald Darmanin declared. “No ransom was paid, and systems are being restored through backups and cybersecurity expertise.”
The European Union Aviation Safety Agency (EASA) stressed that no flight safety systems or air traffic control operations were compromised. EASA Executive Director Patrick Ky reassured the public: “While the disruption to passengers was regrettable, critical flight safety remained intact. The attack was aimed at operational logistics, not navigation systems.”
Still, the incident has alarmed policymakers, with many calling for tougher defenses. European Parliament President Roberta Metsola urged member states to strengthen cooperation.
“What we witnessed was a wake-up call. Cybercriminals targeted the heart of Europe’s mobility. Our airports cannot become pawns in a ransomware blackmail game,” Metsola said during a plenary debate in Strasbourg.
The European airport cyberattack has also sparked questions about whether foreign adversaries might have been indirectly involved.
A senior EU diplomat, speaking on condition of anonymity, said intelligence services were exploring possible links between the attackers and known Russian and North Korean cyber units. “At this stage, attribution is ongoing, but we cannot rule out geopolitical motives behind what may appear as criminal activity,” the diplomat stated.
Travelers who were caught up in the disruption voiced frustration but also concern for future trips. Maria Fernández, a business traveler stranded in Amsterdam’s Schiphol Airport, said: “I can accept delays due to weather or strikes, but when it’s hackers shutting down airports, that feels frightening. If they can block check-ins, what’s next?”
Across the Atlantic, U.S. authorities expressed solidarity and offered assistance. Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said Washington was sharing technical expertise with European counterparts.
“The aviation sector is an international system. An attack in Europe has ripple effects everywhere. We stand ready to help our allies mitigate and recover from this ransomware incident,” Easterly stated.
The airline industry is particularly vulnerable to cyber threats because of its reliance on interconnected digital systems. Professor Daniel Varga, who teaches cybersecurity at the University of Budapest, explained: “Airports operate like mini-cities, with countless networks for ticketing, luggage, security, and logistics. If attackers breach one weak point, they can cascade through the system.”
He warned that cyberattacks could become “the new weapon of choice” for groups seeking to inflict economic and psychological damage without firing a shot.
The International Air Transport Association (IATA) condemned the attack, calling it an assault on global mobility. IATA Director General Willie Walsh said: “Ransomware against airports does not just hurt airlines or passengers. It undermines the entire global economy, which depends on aviation. Governments must treat cyberattacks on airports as acts of aggression, not petty crimes.”
Financial analysts have already estimated the cost of the European airport cyberattack could exceed €200 million, factoring in lost revenue, compensation to passengers, and the expense of restoring systems. Insurance companies are bracing for claims, though some policies exclude coverage for ransomware linked to hostile states.
In Brussels, the European Commission is preparing emergency legislation that would mandate higher cybersecurity standards for airports, including compulsory penetration testing, real-time monitoring, and stricter vendor vetting. “We cannot allow outdated systems and poor digital hygiene to expose millions of travelers,” Commissioner Johansson emphasized.
Passengers are also being advised to remain cautious. The EU’s cybersecurity agency ENISA warned travelers against phishing emails or fake airline notifications that might exploit the incident.
“Hackers often use major cyberattacks as cover to launch secondary scams,” said ENISA chief executive Juhan Lepassaar. “We urge citizens to verify communications and avoid clicking suspicious links.”
The scale of the disruption has been compared to past attacks on critical infrastructure. In 2021, the ransomware strike on Colonial Pipeline in the United States temporarily halted fuel supplies, while last year, Denmark’s railway systems faced outages due to a similar malware incident. “We are seeing ransomware evolve from targeting companies to targeting entire industries,” said Dr. Kruger. “Airports are just the latest victims.”
As operations return to normal, European leaders are keen to project resilience. At Frankfurt Airport, CEO Stefan Schulte reassured passengers: “Our teams have worked tirelessly to restore systems. Flights are moving again, and we are committed to learning from this incident to build stronger protections.”
The European airport cyberattack underscores the growing threat posed by ransomware, where criminal networks exploit digital vulnerabilities to extort massive sums.
With airports handling hundreds of thousands of passengers daily, the attack demonstrated how even short-term disruptions can reverberate across borders, economies, and public confidence.
For travelers, the incident is a reminder that cybersecurity is no longer just about protecting personal data but about safeguarding the physical systems that underpin modern life.
For governments, it signals that ransomware must be confronted with the seriousness once reserved for physical terrorism. As Johansson concluded in her press conference: “This was not just an attack on airports. It was an attack on Europe’s freedom of movement. And we will respond accordingly.”