Share via

Can Bitlocker encryption be attacked/disabled by ransomware?

IT Researcher 46 Reputation points
2021-10-04T11:00:05.207+00:00

Can a drive (system or external) that is already Bitlocker encrypted and locked, be able to be attacked and encrypted by ransomware? We need prevention from over-encryption, not destruction or formatting.

This question has been asked in another forum, but it is not clear whether the answers there are applicable for drives that are locked after BitLocker encryption. https://security.stackexchange.com/questions/161122/can-ransomware-encrypt-files-in-a-drive-locked-by-bitlocker

We have tried to encrypt a drive in a locked state (via BitLocker) with Veracrypt, but it is giving a message that it will be able to encrypt only after formatting the drive as it is not NTFS drive. So can we conclude drives in a locked state are safe from ransomware encryption?

Windows for business Windows Client for IT Pros Devices and deployment Configure application groups

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Reza-Ameri 17,336 Reputation points Volunteer Moderator
    2021-10-04T17:47:42.707+00:00

    When a drive is encrypted using BitLocker , then no one or no application is able to access it and it will ask for the key and without they key it is unable to perform any action. You might have noticed like if use BitLocker To Go which is for the USB devices, when you insert it into a new device it won't let you to perform any action on the USB unless you enter the product key. In such a case, even if the host system is infected, it won't be able to harm the USB unless you enter the key and unencrypt the data. We have a similar case in BitLocker too, while data are encrypted, ransomwares or malwares won't be able to harm those data. However, when you are booting your system it will have to unencrypt the drive and in this case, if there is a ransomware attack it will harm data.
    To protect your system against ransomware attack , you may consider using Controlled folder access instead which is designed to protect your system against ransomwares, take a look at:
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-controlled-folders
    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access
    https://support.microsoft.com/en-us/windows/allow-an-app-to-access-controlled-folders-b5b6627a-b008-2ca2-7931-7e51e912b034

    0 comments
  2. Limitless Technology 39,916 Reputation points
    2021-10-05T13:43:07.683+00:00

    Hello ITResearcher,

    Thank you for your question.

    BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

    For reference:
    https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-overview

    Ransomware stops you from using your PC. It holds your PC or files for "ransom".

    Ransomware can:

    • Prevent you from accessing Windows.
    • Encrypt files so you can't use them.
    • Stop certain apps from running (like your web browser).

    BitLocker may help in preventing Ransomware.

    https://learn.microsoft.com/en-us/security/compass/human-operated-ransomware

    ----------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.