European authorities have confirmed that ransomware was responsible for the cyberattack that disrupted airport check-in systems across the continent last week.

The EU Agency for Cybersecurity (ENISA) announced Monday that the type of malicious software used in the attack has been identified, and law enforcement agencies have launched an investigation.

The attack, carried out on Friday, targeted Collins Aerospace, a company that supplies passenger registration and control systems to multiple European airports. The breach caused widespread problems, including at London Heathrow, Brussels Airport, and Berlin Brandenburg Airport.

Lingering disruptions

Berlin Brandenburg Airport remains heavily affected, as more than 92,000 travelers are expected today — a higher-than-usual figure linked to yesterday’s city marathon. Passengers continue to face delays as systems operate at limited capacity.

Collins Aerospace stated earlier today that it is cooperating with the impacted airports and is in the final phase of a software upgrade to restore full functionality.