Grounded: The ARINC vMUSE Attack Disrupting Multiple Airports | UpGuard

A September 20, 2025 ransomware attack against the ARINC vMUSE passenger processing platform (used by multiple international airports) forced airports to revert to manual procedures, producing widespread delays and 217 flight cancellations; ENISA confirmed the outage was caused by ransomware delivered via a supply‑chain compromise of a third‑party provider, with attackers exploiting outdated, internet‑facing software and end‑of‑life Cisco ASA VPN appliances, and the report warns of significant third‑party risk and recommends improved vendor transparency, legacy system management, and elevated cybersecurity governance.