The airport disruptions across Europe that began over the weekend were caused by a ransomware attack, according to the European Union’s cybersecurity agency ENISA on Monday.  

“ENISA is aware of the ongoing disruption of airports’ operations, which were caused by third-party ransomware incident. At this moment, ENISA cannot share further information regarding the cyberattack,” the agency said in an emailed statement to TechCrunch.  

The ransomware attack targeted Collins Aerospace, a company that provides among other things check-in systems to several airports, including Berlin, Brussels, and London’s Heathrow. The company said it was working with affected airports to restore services, according to Reuters, which first reported ENISA’s statement. 

On Saturday, The Guardian reported that Collins Aerospace said that the software targeted was the company’s passenger processing system called MUSE, which “allows multiple airlines to share check-in desks and boarding gate positions at an airport rather than having their own dedicated infrastructure,” according to Collins Aerospace’s official website. 

Collins Aerospace, which is owned by defense contractor RTX, did not immediately respond to a request for comment. At this point, it’s unclear who is behind the cyberattack.  

The cyberattack has caused disruptions with check-in processes, flight delays, and cancellation since Friday night.