question

ITResearcher-2061 avatar image
0 Votes"
ITResearcher-2061 asked windowshomeserver2011project-1578 commented

Can Bitlocker encryption be attacked/disabled by ransomware?

Can a drive (system or external) that is already Bitlocker encrypted and locked, be able to be attacked and encrypted by ransomware? We need prevention from over-encryption, not destruction or formatting.

This question has been asked in another forum, but it is not clear whether the answers there are applicable for drives that are locked after BitLocker encryption. https://security.stackexchange.com/questions/161122/can-ransomware-encrypt-files-in-a-drive-locked-by-bitlocker

We have tried to encrypt a drive in a locked state (via BitLocker) with Veracrypt, but it is giving a message that it will be able to encrypt only after formatting the drive as it is not NTFS drive. So can we conclude drives in a locked state are safe from ransomware encryption?

windows-10-security
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

You will need to backup all important data anyway, since even when bitlocked and locked (seen by the OS as RAW), it may be formatted by malware (no, ransomware would not format, of course.

0 Votes 0 ·

Bit locked hacked fpt
Camera windows settup al setpas late

0 Votes 0 ·
Reza-Ameri avatar image
0 Votes"
Reza-Ameri answered

When a drive is encrypted using BitLocker , then no one or no application is able to access it and it will ask for the key and without they key it is unable to perform any action. You might have noticed like if use BitLocker To Go which is for the USB devices, when you insert it into a new device it won't let you to perform any action on the USB unless you enter the product key. In such a case, even if the host system is infected, it won't be able to harm the USB unless you enter the key and unencrypt the data. We have a similar case in BitLocker too, while data are encrypted, ransomwares or malwares won't be able to harm those data. However, when you are booting your system it will have to unencrypt the drive and in this case, if there is a ransomware attack it will harm data.
To protect your system against ransomware attack , you may consider using Controlled folder access instead which is designed to protect your system against ransomwares, take a look at:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-controlled-folders
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access
https://support.microsoft.com/en-us/windows/allow-an-app-to-access-controlled-folders-b5b6627a-b008-2ca2-7931-7e51e912b034

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello ITResearcher,

Thank you for your question.

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

For reference:
https://technet.microsoft.com/en-us/itpro/windows/keep-secure/bitlocker-overview

Ransomware stops you from using your PC. It holds your PC or files for "ransom".

Ransomware can:

  • Prevent you from accessing Windows.

  • Encrypt files so you can't use them.

  • Stop certain apps from running (like your web browser).

BitLocker may help in preventing Ransomware.

https://docs.microsoft.com/en-us/security/compass/human-operated-ransomware



--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.