Let’s look at BitLocker, ask whether all encryption is created equal, and decide whether it is worth deploying. BitLocker was announced in 2004 (as “Secure Startup”) and shipped with Windows Vista to protect information on devices whose drives are lost or stolen. It does this by encrypting the whole volume and only unlocking it at boot, once the TPM measurements (and, if configured, a PIN) check out. The strongest common configuration requires that PIN before Windows starts. While BitLocker protects your information if the powered-off device is stolen, it does not stop threat actors who already have a foothold on the running system from stealing your data, and it offers no protection against ransomware. What it does reliably prevent is offline reading or cloning of the drive, which is also why repairs and drive upgrades become painful when nobody can find the recovery key.
BitLocker was designed to protect stolen devices.
It does this by keeping the entire volume encrypted at rest. During boot, the TPM (plus the PIN, if one is configured) releases the volume key, and from then on Windows encrypts and decrypts sectors transparently on the fly. The data on disk is still encrypted, but every program running on the unlocked system, malicious or not, reads plaintext. A locked drive cannot be cloned in any usable form; a file copied off an unlocked drive, by contrast, is ordinary plaintext.
Proper deployment of BitLocker requires a PIN at boot. Although this is an extra layer of security at the pre-boot stage, it is often left off in favour of the default TPM-only (“transparent”) mode, where the drive unlocks automatically before anyone signs in. Without the PIN, the Windows sign-in password is the only barrier, and let’s face it, that is the weakest password most people have: it has to be memorised, so it is short, reused and rarely changed. Worse, a stolen TPM-only laptop releases the volume key to whoever powers it on; the attacker only needs a way past the sign-in screen (a DMA attack, an unpatched local exploit, or sniffing the key off the bus of a discrete TPM) rather than a way past the encryption.
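The following PowerShell script is an added example, not code from the original post, showing how to tell whether a machine is in the TPM-only mode described above and how to move the OS volume to TPM+PIN while escrowing the recovery password. It assumes Windows 10/11 with the built-in BitLocker module, a TPM, an elevated session, and a domain-joined (AD DS) machine for `Backup-BitLockerKeyProtector`; on Entra-joined devices swap that call for `BackupToAAD-BitLockerKeyProtector`. The `-Remediate` switch and the `Get-BitLockerPosture` function are names chosen for this example.

```powershell
# Added example (not from the original post): report BitLocker posture per volume,
# flag TPM-only ("transparent") OS volumes, and optionally enforce TPM+PIN and
# escrow the recovery password. Run in an elevated PowerShell session.
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    [switch]$Remediate   # hypothetical switch: without it the script only reports
)

function Get-BitLockerPosture {
    foreach ($vol in Get-BitLockerVolume) {
        $types = $vol.KeyProtector.KeyProtectorType   # e.g. Tpm, TpmPin, RecoveryPassword
        [pscustomobject]@{
            MountPoint    = $vol.MountPoint
            VolumeType    = $vol.VolumeType           # OperatingSystem or Data
            Status        = $vol.ProtectionStatus     # On or Off
            Method        = $vol.EncryptionMethod     # e.g. XtsAes256
            Protectors    = ($types -join ',')
            # TPM-only: a bare Tpm protector with no PIN-bearing variant alongside it
            TpmOnly       = ($types -contains 'Tpm') -and
                            -not ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey')
            HasRecoveryPw = ($types -contains 'RecoveryPassword')
        }
    }
}

$posture = Get-BitLockerPosture
$posture | Format-Table -AutoSize

foreach ($v in $posture) {
    if ($v.Status -ne 'On') {
        Write-Warning "$($v.MountPoint): BitLocker protection is OFF"
    }

    if ($v.VolumeType -eq 'OperatingSystem' -and $v.TpmOnly) {
        Write-Warning "$($v.MountPoint): TPM-only (transparent) mode; the drive unlocks before anyone signs in"
        if ($Remediate) {
            # Policy must allow a startup PIN or Add-BitLockerKeyProtector refuses the request.
            # UseAdvancedStartup=1 enables the extra authentication; UseTPMPIN 1 = require, 2 = allow.
            $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
            if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
            Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
            Set-ItemProperty -Path $fve -Name UseTPMPIN          -Value 1 -Type DWord

            # Adding a TPM+PIN protector replaces the existing bare TPM protector on the OS volume.
            $pin = Read-Host -Prompt 'Pre-boot PIN (6+ digits under the default minimum)' -AsSecureString
            Add-BitLockerKeyProtector -MountPoint $v.MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
        }
    }

    if (-not $v.HasRecoveryPw) {
        Write-Warning "$($v.MountPoint): no recovery password; a forgotten PIN or a firmware change means data loss"
        if ($Remediate) {
            Add-BitLockerKeyProtector -MountPoint $v.MountPoint -RecoveryPasswordProtector | Out-Null
        }
    }

    if ($Remediate) {
        # Escrow every recovery password to AD DS so the help desk, not the thief, holds the key.
        $bv = Get-BitLockerVolume -MountPoint $v.MountPoint
        foreach ($kp in ($bv.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
            Backup-BitLockerKeyProtector -MountPoint $v.MountPoint -KeyProtectorId $kp.KeyProtectorId
        }
    }
}
```

Run it once without `-Remediate` to see which volumes report `TpmOnly = True`; that column is the “transparent mode” the text warns about. In a managed fleet the registry values written here should come from Group Policy or Intune rather than a script, and the recovery password must be escrowed before the PIN protector is added, never after.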
Was BitLocker designed to stop ransomware?
While BitLocker was designed to keep thieves from reading or “cloning” a stolen drive and getting at sensitive information, it does not prevent threat actors from stealing your information or infecting your system with ransomware! As said earlier, BitLocker’s protection applies to the powered-off, locked drive. Once the system has booted and the volume is unlocked, ransomware runs with the same transparent access to plaintext as every other program on the machine.
Threat actors have been known to turn BitLocker itself into their ransomware. An attacker with administrator rights can run a PowerShell script you never see that enables BitLocker on unencrypted volumes, removes the existing key protectors, adds a password or recovery password that only they know, and prevents the new recovery information from being escrowed. Unless a recovery password was already stored in Active Directory, Entra ID or your MDM before the attack, you are locked out of your own machine, with Microsoft’s own encryption doing the attacker’s work.
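One way to hunt for that abuse on a running host, as an added example that is not part of the original post: the attacker has to run `manage-bde` or the BitLocker cmdlets, so their command lines and script blocks are the detection surface. The signatures below are my own assumed choices, not a vendor ruleset; the script assumes process command-line auditing (Security event 4688 with the command line field populated) and PowerShell script block logging (event 4104) are enabled. The sample events are constructed inline so the matching logic runs offline; `-Live` (a switch invented for this example) queries the real logs.

```powershell
# Added example (not from the original post): detect BitLocker being weaponised.
# Signatures are assumptions chosen for this example; tune them to your environment.
[CmdletBinding()]
param([switch]$Live)   # hypothetical switch: query the last 7 days of real event logs

$Signatures = @(
    @{ Name = 'enable-bitlocker';   Pattern = '(?i)\bmanage-bde(\.exe)?\b.*\s-on\b|\bEnable-BitLocker\b' }
    @{ Name = 'delete-protector';   Pattern = '(?i)\bmanage-bde(\.exe)?\b.*-protectors\s+-del(ete)?\b|\bRemove-BitLockerKeyProtector\b' }
    @{ Name = 'attacker-protector'; Pattern = '(?i)\bmanage-bde(\.exe)?\b.*-protectors\s+-add\b.*\s-(pw|password|rp|recoverypassword)\b|\bAdd-BitLockerKeyProtector\b.*-(Password|RecoveryPassword)Protector\b' }
    @{ Name = 'force-recovery';     Pattern = '(?i)\bmanage-bde(\.exe)?\b.*-forcerecovery\b' }
    @{ Name = 'fve-policy-tamper';  Pattern = '(?i)Policies\\Microsoft\\FVE' }
)

# Returns the name of the first matching signature, or $null for benign text.
function Test-BitLockerAbuse {
    param([Parameter(Mandatory)][string]$Text)
    foreach ($sig in $Signatures) {
        if ([regex]::IsMatch($Text, $sig.Pattern)) { return $sig.Name }
    }
    return $null
}

# Pulls the attacker-controlled text out of a 4688 or 4104 event and scores it.
function Find-BitLockerAbuse {
    param([Parameter(ValueFromPipeline)] $Event)
    process {
        $text = switch ($Event.Id) {
            4688    { $Event.Properties[8].Value }   # 4688: CommandLine is property index 8
            4104    { $Event.Properties[2].Value }   # 4104: ScriptBlockText is property index 2
            default { $null }
        }
        if (-not $text) { return }
        $rule = Test-BitLockerAbuse -Text $text
        if ($rule) {
            [pscustomobject]@{
                Time    = $Event.TimeCreated
                EventId = $Event.Id
                Rule    = $rule
                Text    = $text.Substring(0, [Math]::Min(160, $text.Length))
            }
        }
    }
}

# Constructed sample events (not real log data) shaped like Get-WinEvent output.
function New-SampleEvent([int]$Id, [string]$Text) {
    $props = New-Object object[] 9
    $idx = if ($Id -eq 4688) { 8 } else { 2 }
    $props[$idx] = [pscustomobject]@{ Value = $Text }
    [pscustomobject]@{ Id = $Id; TimeCreated = Get-Date; Properties = $props }
}

$samples = @(
    New-SampleEvent 4688 '"C:\Windows\System32\manage-bde.exe" -status C:'                      # benign
    New-SampleEvent 4688 '"C:\Windows\System32\manage-bde.exe" -protectors -delete C:'          # strips your protectors
    New-SampleEvent 4688 '"C:\Windows\System32\manage-bde.exe" -protectors -add C: -rp -pw'     # adds theirs
    New-SampleEvent 4104 'Enable-BitLocker -MountPoint D: -PasswordProtector -Password $p -UsedSpaceOnly'
    New-SampleEvent 4104 'Get-BitLockerVolume | Format-Table MountPoint, ProtectionStatus'    # benign
    New-SampleEvent 4104 'Set-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\FVE -Name EnableBDEWithNoTPM -Value 1'
)

if ($Live) {
    $since = (Get-Date).AddDays(-7)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue |
        Find-BitLockerAbuse
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since } -ErrorAction SilentlyContinue |
        Find-BitLockerAbuse
} else {
    # Offline run: four of the six constructed samples should be reported, the two benign ones ignored.
    $samples | Find-BitLockerAbuse | Format-Table -AutoSize
}
```

Your own provisioning tooling will trigger the `enable-bitlocker` and `attacker-protector` rules too, so in production key the alert on who ran it and from where (a scheduled task or a service account is expected; an interactive user at 02:00 is not) rather than suppressing the rule. The real defence remains the one the text points at: a recovery password escrowed before the incident, because nothing in these logs gets the key back.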
Is all encryption created equal?
Encryption restricts sensitive or valuable information to authorized key holders by “scrambling” it for everyone else, and the tools that do it differ mainly in where they draw that boundary. File- and container-level encryption programs keep each file scrambled wherever it goes: they decrypt on the fly for an authorized user, but a copy of the file is still encrypted. The problem with these programs is that retiring them without decrypting everything first can leave files permanently “scrambled.” BitLocker is genuine encryption too (AES-XTS over the whole volume), but its boundary is the volume: it protects data at rest against anyone without the key, and offers nothing once the volume is unlocked, so a file copied off it is plaintext. Not all encryption is created equal!
Is the word encryption enough of a reason to deploy an anti-theft device?
So in conclusion, BitLocker does provide an extra layer of security during boot: working with UEFI Secure Boot and the TPM, it measures the startup files, and any tampering with them changes the measurements and throws the drive into recovery. But in transparent (TPM-only) mode it behaves like a lock that opens for anyone who approaches it. As discussed, BitLocker was not designed to prevent ransomware; it was designed to defeat theft of the drive. Not all encryption is created equal! So, is BitLocker worth deploying? The word “encryption” on its own should not be enough of a reason to deploy an anti-theft control. I don’t recommend it in transparent mode. Only use BitLocker if you secure it properly with a pre-boot PIN, and if you do enable it, make sure the recovery key is escrowed somewhere safe before you need it; we will cover how to retrieve your BitLocker key in a future blog.