Bitlocker is a Sleeping Cryptolocker Virus

This is a sincere warning for anyone purchasing a laptop with Windows 10, Bitlocker, and/or the Trusted Platform Module (TPM). As of yet I’m not sure which part of this is the culprit, but there is something severely defective with this hardware/software combination on some laptops, which will turn a dormant/disabled Bitlocker security feature into an active/enabled Cryptolocker virus.

A Cryptolocker virus is something that encrypts all the files on your hard drive without your permission. Once encrypted, the files are basically impossible to recover.

I seriously can’t believe this happened!

I purchased three Dell Latitude 7480 laptops, all with the same specs. All three laptops were prepared by me and then sent to users in the field, like always.

Two of those laptops remain fine (I’m crossing my fingers still), but one of them decided to go into Bitlocker Recovery mode on startup for some reason, even though we never enabled this feature or received a Bitlocker Recovery key from Dell.

There is absolutely no way around it. Bitlocker without a recovery key, stuck at the Bitlocker Recovery screen, is essentially a Cryptolocker virus. It’s the same EXACT thing.

Keep in mind that I absolutely despise drive encryption for our company laptops because we have nothing that important to encrypt and it only causes issues like this. I never enabled or configured Bitlocker on any of these laptops.

In fact, every time I purchase laptops from Dell – and I’ve purchased at least 200 so far – I specifically choose no Dell Data Protection (DDPE), no Trusted Platform Module (TPM), no Bitlocker, and no full drive encryption. We don’t want or need those features; they are a burden to us.

Needless to say, the user was surprised one morning when he turned on his brand new Dell Latitude 7480 and saw a Bitlocker Recovery screen prompting for some kind of key, which he did not have. This user contacted me for the key, which I did not have either. I can only assume this is some kind of defect in Windows or with the Dell laptop where Bitlocker turned itself on.

So I had the user return his new laptop and pick up his old one.

I contacted Dell a total of three times. The first time they gave me a bunch of options to disable in BIOS, per this article:

http://www.dell.com/support/article/us/en/19/sln304584/bitlocker-asks-for-a-recovery-key-every-boot-on-usb-c—thunderbolt-systems-when-docked-or-undocked?lang=en

None of that advice helped. At this point I needed to recover some of the user’s work from the drive. Turns out Microsoft OneDrive hadn’t synced his work for a week, so the copies in the cloud were too old. Not knowing much about Bitlocker (I never use it), I decided to pick up an M.2 hard drive adapter and stick the drive into another computer so I could try recovering the data. No dice, a Bitlocker screen popped up asking for that same key.

Stepping out of the official support lanes for a moment, I decided to do some research. It turns out other people are experiencing this problem too, and the “answers/solutions” are a bit unnerving:

BitLocker locked me out on Surface Pro 3; I’ve never set up BitLocker and key is not stored anywhere

Bitlocker Enabled Without Warning, No Recovery Key!

Bitlocker – becoming an irritation

Soooo…the answer is Bitlocker can’t possibly do this? But I should nuke the drive and start over?

On the final call with Dell, they acknowledged that their engineers are looking into a potential issue where automatic updates might be triggering Bitlocker somehow. The only thing they could do is tell me to contact Microsoft and get back to them with an update so they could follow through with replacing the hard drive if necessary.

I have a feeling that a Windows Update changed something on the system like a driver, or the Dell Update Client automatically installed something like a BIOS or TPM update, which triggered Bitlocker to somehow turn on unattended and encrypt the drive.

You have been warned.
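
A check for the condition this post describes, a volume that is encrypted while nobody holds a recovery key, which can be run on each laptop before it ships. This is an added example, not part of the original post; it assumes an elevated PowerShell prompt and the built-in BitLocker module (`Get-BitLockerVolume`), and the function name `Get-BitLockerAudit` is made up for illustration.

```powershell
# Added example: audit BitLocker state before a laptop leaves the bench.
# Assumes an elevated prompt and the built-in BitLocker PowerShell module.
# Get-BitLockerAudit is a hypothetical helper name, not a Windows cmdlet.

function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Key protector types present on the volume (Tpm, RecoveryPassword, ...).
        $types = @($vol.KeyProtector |
            Where-Object { $_ } |
            ForEach-Object { [string]$_.KeyProtectorType })

        # Check VolumeStatus, not only ProtectionStatus: a volume can hold
        # encrypted data while protection is reported as Off (suspended).
        $encrypted   = $vol.VolumeStatus -ne 'FullyDecrypted'
        $hasRecovery = $types -contains 'RecoveryPassword'

        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            VolumeStatus      = $vol.VolumeStatus
            ProtectionStatus  = $vol.ProtectionStatus
            EncryptionPercent = $vol.EncryptionPercentage
            KeyProtectors     = $types -join ','
            # Encrypted (or encrypting) with no recovery password protector:
            # a recovery prompt on this volume cannot be answered.
            AtRisk            = $encrypted -and -not $hasRecovery
        }
    }
}

# Summary for every volume on the machine.
Get-BitLockerAudit | Format-Table -AutoSize

# Where a recovery password protector exists, show its ID and the password
# so both can be recorded somewhere other than the laptop itself.
Get-BitLockerVolume | ForEach-Object {
    $mount = $_.MountPoint
    $_.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object @{ n = 'MountPoint'; e = { $mount } },
                      KeyProtectorId, RecoveryPassword
}
```

A row with `AtRisk` set to `True`, or any `VolumeStatus` other than `FullyDecrypted` on a machine that is meant to be unencrypted, is the state to resolve before the laptop goes to a user.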
