It saddens me greatly to be delivering this wake-up call. Almost as much as it saddens me that I’m so late to this particular party. However, it seems that many unfortunate Windows 11 users have been experiencing the “BitLocker ransom” problem for six months or more.
The problem is your Windows 11 PC or laptop can turn BitLocker disk encryption on, and not tell you about it, in the course of an earlier Windows Update process. Later on, this invisible change grows teeth, when a later (and in my case, optional) update includes a file that, perversely enough, is sufficiently similar to other types of threat that your data is “at risk”. The only way to protect it is by encrypting the boot volume of your machine, and demanding a recovery key before you’re allowed back in.
READ MORE
If you’re lucky, you have some way of getting to your Microsoft account not involving using the now utterly stone-dead bricked laptop, to obtain the recovery key. If you’re like me, then various policies of my own, such as not traveling with more than one laptop and not logging into my Microsoft identity for protracted periods of time, are likely to keep it out of reach.
As Microsoft says, those might not be the only set reasons why you can’t retrieve the key. Perhaps the most annoying one is that if a different login enabled BitLocker at the outset – easily done, given how short on warnings or progress reports the whole process is – then it’s likely that they get sent the recovery key, not you. Not that you can figure out who to chase down in that scenario, because giving away the account name with the key in it would constitute a “security breach”.
There are fixes, but every last one of them is about before it happens, not after. You can disable BitLocker, either via the Control Panel, or using PowerShell, or Group Policies (even if you’re not in a corporate network).
I was amazed to find out just how many fellow administrators were really not sure of how their various afflicted machines got that way in the first place. Their puzzlement made me feel a lot better: as a group of hardcore systems admins, well used to Microsoft behavior with system updates, they were shocked to find that some of their personal devices had gone to DEFCON 1, with BitLocker turned on silently and without their consent – or so they thought, not having looked hard or often at this bit of the system.
The reason to bring your attention to this is, in fact, all about its long-term, slow-motion car crash effect. I am not at all convinced the preventative Group Policies, drive formatting, or Control Panel pages are going to help. Microsoft has a good deal of previous for not caring about dissenters; some settings come back, even when you’ve decided you don’t want them.
Every Windows 11 user needs to take steps to prevent this particular bear trap from closing on their work-in-progress documents, emails, and so on. Of course, if you have been a total goody-two-shoes and accepted all of Microsoft’s suggestions for online data sync services, and you have several fully-licensed, synchronized, and up-to-date machines, then your stuff ought to be reachable.
READ MORE
But when the Windows 11 machine I was reviewing displayed the BitLocker Recovery Key screen, I was a long way from my other machines. That’s what I use laptops for, working while traveling. As a frequent traveler, I have developed a few hard and fast rules that rather go against the assumptions that Microsoft presents as part of its excuses package for BitLockering. One is that I minimize logging in to online accounts while away from my home network, mostly to avoid the floods of paranoid warning messages this causes. Another is, no online purchasing while traveling, whether on my own machinery or others which circumstances force me to use. I don’t even like the US habit of walking off with my credit cards and doing the contactless transaction themselves.
At the moment, I am telling all my user contacts not to leave documents on Windows 11 devices of any kind. Last time, I mentioned keeping scans of my vital identity documents on a USB key dangling beside my house keys: that’s been upgraded a bit because I find my current minimum working set of files and emails is a good few gigabytes.
In the long term, I won’t be using Windows 11 at all until a satisfactory solution to this foolishness emerges. In fact, all the way through the writing of this column, my oldest, most presentable laptop has been downloading three complete versions of Fedora Linux, one after another. I assume each is about a DVD’s worth of code, but even my older machine is coping well so far. It will be with me on my next trip in a few days’ time; the Windows 11 machine will be at home, on the bench, awaiting a solution.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
Recall arrives for Intel and AMD devices after months of controversy
News Microsoft's Recall feature is now available in preview for customers using AMD and Intel devices.
-
With one year to go until Windows 10 end of life, here’s what businesses should do to prepareNews IT teams need to migrate soon or risk a plethora of security and sustainability issues
-
Microsoft is doubling down on Widows Recall, adding new security and privacy features – will this help woo hesitant enterprise users?
News The controversial AI-powered snapshotting tool can be uninstalled, Microsoft says
-
Microsoft pulls Windows update after botched patch causes blue screens, reboot loopsNews Microsoft has pulled a Windows 11 update ahead of next week's Patch Tuesday after encountering a raft of issues
-
It looks like we’re stuck with Windows Recall: Microsoft confirms option to uninstall was just a ‘bug’
News The controversial feature can be disabled, but Microsoft isn't saying much else
-
Companies “wary” of Windows 11 migration challenges as Windows 10 EOL draws closer
News A recent study shows that only a fraction are running Windows 11, despite a rapidly-approaching end of life deadline
-
New Windows vulnerability could repeatedly trigger the blue screen of death on millions of devicesNews Attackers could exploit the Windows vulnerability to repeatedly crash machines and trigger a blue screen of death, according to researchers at Fortra
-
Here’s how much Windows 10 could cost if you don’t upgrade this yearNews Windows 10 extended security updates will cost users dearly, with prices rising incrementally each year.
