RTX Confirms Airport Services Hit by Ransomware

RTX Confirms Airport Services Hit by Ransomware

Briefly

"The company said in an SEC filing that it became aware of the cybersecurity incident on September 19. The disclosure does not mention Collins Aerospace, the subsidiary that offers the impacted airport check-in and boarding solutions. RTX confirmed that customers have resorted to backup and manual processes, which has led to flights being delayed and cancelled. The company explained that ransomware was found on "systems that support its Multi-User System Environment (MUSE) passenger processing software," adding, "This software enables multiple airlines to share check-in and gate resources at airports, including baggage handling."

"RTX has not mentioned anything about personal or other types of data being stolen in the attack. The company says its investigation into the incident and its impact is ongoing, but does not expect it to have a material impact on its financial condition and operations. It appears that impacted European airports are experiencing delays due to the incident. It has been reported that the vendor has been having difficulties removing the ransomware from its systems, which have become reinfected following cleanup attempts."

"It's worth noting that major companies don't often specifically confirm being targeted in a ransomware attack and instead their SEC filings typically describe a more generic 'cyber incident'. Two cybersecurity experts, Kevin Beaumont and Dominic Alvieri, have independently confirmed that the attack involved an obscure piece of ransomware called HardBit. HardBit emerged in October 2022. Cybercriminals are using the ransomware to encrypt files on compromised s"