Airport chaos underscores growing trend of high-profile ransomware attacks
A weekend ransomware attack that crippled airport check-in systems across Europe has drawn attention to a new trend in cybercrime: hackers are increasingly targeting high-profile companies and infrastructure for both larger payouts and reputational clout, cybersecurity experts said.
The European Union’s cybersecurity agency ENISA confirmed on Monday that the attack on Collins Aerospace, a unit of RTX, was ransomware-based. The hack disrupted check-in and baggage systems since Friday, grounding flights and stranding thousands of passengers. The attackers’ identity remains unknown, with no ransomware group yet claiming responsibility on dark web leak sites.
Rafe Pilling, Director of Threat Intelligence at Sophos, noted that while most ransomware attacks remain financially motivated, a subset of operations is now engineered for maximum disruption: “They are becoming more visible and more ambitious.”
The strategy is not new but appears to be escalating. In April, the group Scattered Spider was linked to an attack on retailer Marks & Spencer that halted online orders for weeks. Britain’s National Crime Agency also charged two teenagers last week over a 2024 attack on Transport for London, tied to the same group. The FBI estimates Scattered Spider has been involved in around 120 network intrusions and netted $115 million in ransom payments.
Experts warn the trend poses greater systemic risks. Martyn Thomas, Emeritus Professor of IT at Gresham College, said software vulnerabilities and weak security practices continue to fuel the crisis: “If criminals were to decide to cause serious injury or many deaths, the same attack strategies could be used on critical systems in healthcare or major infrastructure.”
Another driver, analysts say, is reputation within cybercriminal networks. Pulling off high-impact breaches boosts a hacker’s credibility and standing among peers, creating a cycle of increasingly bold attacks.
The incident highlights the growing urgency for stronger software security and corporate defenses as ransomware groups become more emboldened, aiming not only for profit but also prestige.