
BitLocker Ransomware Attack Cripples Romanian Water Authority’s IT Systems

Romania's national water management authority, Administrația Națională Apele Române (Romanian Waters), was targeted in a sophisticated ransomware attack on December 20, 2025, compromising approximately 1,000 IT systems across the organization. The cyberattack affected 10 of the country's 11 regional water basin administrations, including facilities in Oradea, Cluj, Iași, Siret, and Buzău.

Modus operandi 

The attackers employed an unusual tactic by weaponizing Windows BitLocker, a legitimate encryption tool designed to protect data, to lock files on compromised systems. Rather than deploying traditional ransomware, the threat actors exploited this built-in Windows security feature in a "living off the land" approach that differs from typical ransomware group operations. After encrypting the systems, the attackers left ransom notes demanding that officials contact them within seven days.

The breach affected critical IT infrastructure including Geographical Information System servers, database servers, email and web services, Windows workstations, and Domain Name Servers. Romanian Waters' website went offline, forcing the agency to share official updates through alternative communication channels.

Despite the extensive IT compromise, the attack did not affect operational technology systems controlling actual water infrastructure. Water management operations continued through dispatch centers using voice communication channels, with hydrotechnical facilities operated locally by on-site personnel coordinated via radio and telephone. Romanian authorities emphasized that forecasting and flood protection activities remained unaffected, with all water control systems functioning within normal parameters.

Investigation and response

Multiple Romanian security agencies, including the National Cyber Security Directorate and the Romanian Intelligence Service's National Cyberint Center, are investigating the incident. The attack vector has not yet been identified, and no ransomware group or state-backed threat actor has claimed responsibility. Officials issued strict guidance against contacting or negotiating with the attackers, emphasizing that ransom payments fund criminal operations and encourage future attacks.

The incident exposed critical gaps in Romania's infrastructure protection framework, as the water authority's systems were not previously integrated into the national cyber defense network. Authorities have initiated steps to incorporate water infrastructure into the national cybersecurity defense system managed by the National Cyber Intelligence Center.

Microsoft Introduces Hardware-Accelerated BitLocker to Boost Windows 11 Security and Performance

Microsoft is updating Windows 11 with hardware-accelerated BitLocker to improve both data security and system performance. The change enhances full-disk encryption by shifting cryptographic work from the CPU to dedicated hardware components within modern processors, helping systems run more efficiently while keeping data protected. 

BitLocker is Windows’ built-in encryption feature that prevents unauthorized access to stored data. During startup, it uses the Trusted Platform Module to manage encryption keys and unlock drives after verifying system integrity. While this method has been effective, Microsoft says faster storage technologies have made the performance impact of software-based encryption more noticeable, especially during demanding tasks. 

As storage speeds increase, BitLocker’s encryption overhead can slow down activities like gaming and video editing. To address this, Microsoft is offloading encryption tasks to specialized hardware within the processor that is designed for secure and high-speed cryptographic operations. This reduces reliance on the CPU and improves overall system responsiveness. 

With hardware acceleration enabled, large encryption workloads no longer heavily tax the CPU. Microsoft reports that testing showed about 70% fewer CPU cycles per input-output operation compared to software-based BitLocker, although actual gains depend on hardware configurations. 

On supported devices with NVMe drives and compatible processors, BitLocker will default to hardware-accelerated encryption using the XTS-AES-256 algorithm. This applies to automatic device encryption, manual activation, policy-based deployment, and script-driven setups, with some exceptions. 

The update also strengthens security by keeping encryption keys protected within hardware, reducing exposure to memory or CPU-based attacks. Combined with TPM protections, this moves BitLocker closer to eliminating key handling in general system memory.  

Hardware-accelerated BitLocker is available in Windows 11 version 24H2 with September updates installed and will also be included in version 25H2. Initial support is limited to Intel vPro systems with Intel Core Ultra Series 3 (Panther Lake) processors, with broader system-on-a-chip support planned. 

Users can confirm whether hardware acceleration is active by running the “manage-bde -status” command. Microsoft notes BitLocker will revert to software encryption if unsupported algorithms or key sizes are used, certain enterprise policies apply, or FIPS mode is enabled on hardware without certified cryptographic offloading.
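The article names the conditions under which hardware acceleration applies (24H2 or 25H2, an NVMe drive, a supported processor, XTS-AES-256, no FIPS mode, no policy forcing another algorithm) and says manage-bde -status is where the result is confirmed. The following PowerShell script is an added example, not code from the article or from Microsoft: it collects those conditions on one machine and surfaces the relevant manage-bde lines. The build numbers (26100 for 24H2, 26200 for 25H2) and the meaning of policy value 7 are assumptions drawn from public documentation rather than from the article, and because the article does not quote the exact wording manage-bde uses for the accelerated mode, the script shows the lines rather than parsing them into a verdict.

```powershell
# Added example, not code from the article or from Microsoft. It gathers the
# conditions the article lists for hardware-accelerated BitLocker and shows
# the manage-bde lines in which the status is reported. Run elevated.
#Requires -RunAsAdministrator

function Get-BitLockerAccelerationReport {
    param([string]$MountPoint = 'C:')

    # Windows build number. 26100 is the 24H2 build and 26200 the 25H2 build
    # (assumption from public build numbers; the article only names versions).
    $build = [int](Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name CurrentBuildNumber)

    # Bus type of the disk holding the volume; the article says NVMe is required.
    $partition = Get-Partition -DriveLetter $MountPoint.TrimEnd(':')
    $disk      = Get-Disk -Number $partition.DiskNumber

    # CPU model string, for comparison with the supported list
    # (initially Intel Core Ultra Series 3, per the article).
    $cpu = (Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1).Name

    # Encryption method as seen by the BitLocker PowerShell module;
    # XtsAes256 is the only method the article says is accelerated.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint

    # FIPS mode: the article notes a fallback to software encryption when FIPS
    # is on and the hardware lacks certified offloading.
    $fipsEnabled = $false
    $fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    if (Test-Path $fipsKey) {
        $fipsEnabled = ((Get-ItemProperty -Path $fipsKey).Enabled -eq 1)
    }

    # Group Policy "Choose drive encryption method" for OS drives writes
    # EncryptionMethodWithXtsOs under the FVE key. 7 is the documented value
    # for XTS-AES 256 (assumption); any other forced value means software crypto.
    $policyValue = $null
    $fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (Test-Path $fveKey) {
        $policyValue = (Get-ItemProperty -Path $fveKey).EncryptionMethodWithXtsOs
    }

    # manage-bde is where the article says acceleration is confirmed. The exact
    # wording is not given in the article, so the lines are shown verbatim.
    $bdeLines = & manage-bde.exe -status $MountPoint |
        Select-String -Pattern 'Encryption Method|Conversion Status|Protection Status' |
        ForEach-Object { $_.Line.Trim() }

    [pscustomobject]@{
        MountPoint              = $MountPoint
        OsBuild                 = $build
        BuildSupportsFeature    = ($build -ge 26100)
        DiskBusType             = $disk.BusType
        DiskIsNvme              = ($disk.BusType -eq 'NVMe')
        Processor               = $cpu
        EncryptionMethod        = $volume.EncryptionMethod
        UsesXtsAes256           = ($volume.EncryptionMethod -eq 'XtsAes256')
        FipsModeEnabled         = $fipsEnabled
        PolicyMethodValue       = $policyValue
        PolicyForcesOtherMethod = ($null -ne $policyValue -and $policyValue -ne 7)
        ManageBdeStatus         = $bdeLines
    }
}

Get-BitLockerAccelerationReport -MountPoint 'C:' | Format-List
```

If any of the boolean fields other than FipsModeEnabled and PolicyForcesOtherMethod is False, or either of those two is True, the article's own caveats say BitLocker will be running the software path regardless of what the processor supports.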

Romanian Water Authority Hit by BitLocker Ransomware, 1,000 Systems Disrupted

Romanian Waters, the country's national water management authority, was targeted by a significant ransomware attack over the weekend, affecting approximately 1,000 computer systems across its headquarters and 10 of its 11 regional offices. The breach disrupted servers running geographic information systems, databases, email, web services, Windows workstations, and domain name servers, but crucially, the operational technology (OT) systems controlling the actual water infrastructure were not impacted.

According to the National Cyber Security Directorate (DNSC), the attackers leveraged the built-in Windows BitLocker security feature to encrypt files on compromised systems and left a ransom note demanding contact within seven days. Despite the widespread disruption to IT infrastructure, the DNSC confirmed that the operation of hydrotechnical assets—such as dams and water treatment plants—remains unaffected, as these are managed through dispatch centers using voice communications and local personnel.

Investigators from multiple Romanian security agencies, including the Romanian Intelligence Service's National Cyberint Center, are actively working to identify the attack vector and contain the incident's fallout. Authorities have not yet attributed the attack to any specific ransomware group or state-backed actor. 

The DNSC also noted that the national cybersecurity system for critical IT infrastructure did not previously protect the water authority's systems, but efforts are underway to integrate them into broader protective measures. The incident follows recent warnings from international agencies, including the FBI, NSA, and CISA, about increased targeting of critical infrastructure by pro-Russia hacktivist groups such as Z-Pentest, Sector16, NoName, and CARR. 

This attack marks another major ransomware event in Romania, following previous breaches at Electrica Group and over 100 hospitals due to similar threats in recent years. Romanian authorities continue to stress that water supply and flood protection activities remain fully operational, and no disruption to public services has occurred as a result of the cyberattack.

Windows 11’s Auto-Enabled BitLocker Locks User Out of Terabytes of Data — Here’s What Happened

Microsoft first introduced BitLocker drive encryption with Windows Vista back in 2007, though it was initially limited to the Enterprise and Ultimate editions. Over the years, it evolved into a core security feature of Windows. With Windows 11, Microsoft went a step further — BitLocker now activates automatically when users sign in with a Microsoft account during the setup process (OOBE). While this auto-encryption aims to secure user data, it has also caused some serious unintended consequences.

That’s exactly what happened to one unfortunate Reddit user, u/Toast_Soup (referred to as “Soup”), who ended up losing access to their data after a Windows reinstall.

Soup noticed their PC was lagging and decided to perform a clean installation of Windows. Their system had six drives — including the boot drive and two large backup drives (D: and E:), each with around 3TB of data. But once the reinstall was complete, those two drives appeared to have vanished. They were locked by BitLocker encryption, despite Soup never manually turning the feature on.

Unaware that Windows 11 automatically encrypts drives linked to a Microsoft account, Soup didn’t have the necessary BitLocker recovery keys — keys they didn’t even know existed. Without them, the data became permanently inaccessible. Even professional data recovery software couldn’t help, since BitLocker’s encryption is designed to prevent unauthorized access.

Desperate, Soup reinstalled Windows again, only to face the same encryption prompt — this time for the boot drive. Thankfully, they noted down the new recovery key and regained access to Windows. Unfortunately, their D: and E: drives remained permanently locked. When Reddit users suggested checking Microsoft account settings, Soup confirmed that only the key for the main C: drive was listed there.

What makes this situation worse is that BitLocker doesn’t just risk unexpected data lockouts — it can also impact system performance. Previous testing has shown that the software-based version of BitLocker can reduce SSD read/write speeds by up to 45%, as the CPU must continuously encrypt and decrypt data. This slowdown could explain the lag Soup noticed before resetting their system.

It’s worth noting that hardware-based encryption (known as OPAL) performs much better but isn’t what Windows 11 enables automatically. Some users in the Reddit thread also mentioned that even small system changes — like altering boot order — can unexpectedly trigger BitLocker on Windows 11 Home, even with a local account.

Windows 10 doesn’t exhibit the same automatic encryption behavior, nor does upgrading from Windows 10 to 11. Unfortunately, in Soup’s case, there’s little left to do other than wipe the drives and start over.

To avoid similar disasters, users should check BitLocker settings immediately after setup, disable automatic encryption if desired, and securely back up recovery keys. Always maintain external backups of crucial data — because once BitLocker takes over without your knowledge, recovery may not be possible.
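The checks recommended above can be scripted. The PowerShell below is an added example, not code from the article, from the Reddit thread or from Microsoft: it lists every volume's BitLocker state, flags encrypted volumes that have no recovery password on record (the situation Soup was in with D: and E:), adds a recovery password where one is missing, writes the keys to a destination the reader chooses, and optionally sets the registry value Microsoft documents for preventing automatic device encryption. The destination path is a placeholder; the Entra ID backup switch applies to organisation-joined devices, not to personal Microsoft accounts.

```powershell
# Added example, not code from the article. Audits BitLocker protectors on
# every volume, backs up recovery passwords, and optionally disables
# automatic device encryption. Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

function Get-BitLockerRecoveryInventory {
    # One object per volume and recovery-password protector. A volume that is
    # encrypted but has no RecoveryPassword row is the state the article
    # describes: data locked with nothing to fall back on.
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        if ($recovery.Count -eq 0) {
            [pscustomobject]@{
                MountPoint       = $vol.MountPoint
                VolumeStatus     = $vol.VolumeStatus
                ProtectionStatus = $vol.ProtectionStatus
                KeyProtectorId   = $null
                RecoveryPassword = $null
            }
            continue
        }
        foreach ($p in $recovery) {
            [pscustomobject]@{
                MountPoint       = $vol.MountPoint
                VolumeStatus     = $vol.VolumeStatus
                ProtectionStatus = $vol.ProtectionStatus
                KeyProtectorId   = $p.KeyProtectorId
                RecoveryPassword = $p.RecoveryPassword
            }
        }
    }
}

function Export-BitLockerRecoveryKeys {
    param(
        # Assumed destination: removable media or a share that is NOT itself a
        # BitLocker volume on this machine (otherwise the keys lock with it).
        [Parameter(Mandatory)] [string]$Destination,
        # Also push each recovery password to Entra ID on a joined device.
        [switch]$BackupToEntra
    )
    $inventory = Get-BitLockerRecoveryInventory

    # Encrypted (or encrypting) volumes with no recovery password get one now,
    # so that a future reinstall has something to unlock the drive with.
    $missing = $inventory | Where-Object {
        $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.RecoveryPassword
    }
    foreach ($m in $missing) {
        Write-Warning "$($m.MountPoint) is encrypted but has no recovery password; adding one."
        Add-BitLockerKeyProtector -MountPoint $m.MountPoint -RecoveryPasswordProtector | Out-Null
    }
    if ($missing) { $inventory = Get-BitLockerRecoveryInventory }

    if ($BackupToEntra) {
        foreach ($row in ($inventory | Where-Object RecoveryPassword)) {
            BackupToAAD-BitLockerKeyProtector -MountPoint $row.MountPoint -KeyProtectorId $row.KeyProtectorId | Out-Null
        }
    }

    $inventory | Export-Csv -Path $Destination -NoTypeInformation
    return $inventory
}

function Disable-AutomaticDeviceEncryption {
    # Documented value that stops Windows from enabling device encryption on
    # its own. It does not decrypt volumes that are already protected.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name PreventDeviceEncryption -Value 1 -Type DWord
}

# Example usage; the drive letter and file name are placeholders.
Export-BitLockerRecoveryKeys -Destination 'X:\bitlocker-recovery-keys.csv' | Format-Table -AutoSize
```

The CSV holds the same 48-digit recovery passwords that manage-bde -protectors -get prints, so it should be stored as carefully as the data it unlocks; the point of exporting it is that the copy lives somewhere other than the encrypted drives themselves.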

Bypassing TPM 2.0 in Windows 11 While Maintaining System Security

One of the most talked-about features of Windows 11 has been its requirement for a Trusted Platform Module, or TPM, which Microsoft presented as the beginning of a new era of computing. Users and industry observers alike have been equally intrigued and apprehensive about this requirement. 

TPM is an important hardware feature that was originally known primarily within cybersecurity and enterprise IT circles, but has now become central to Microsoft's vision for creating a more secure computing environment. 

However, this unexpected requirement has raised a number of questions for consumers and PC builders alike, creating uncertainty about compatibility, accessibility, and the future of personal computing security. Essentially, the Trusted Platform Module is a specialised security chip incorporated into a computer's motherboard to perform hardware-based cryptographic functions. 

Unlike traditional software-only protections, the TPM is rooted in hardware. Sensitive data such as encryption keys, passwords, and digital certificates is kept in a protected enclave, shielded from unauthorised access. This architecture keeps critical authentication material secured against tampering and unauthorised access even in the face of sophisticated malware attacks. 

A key advantage of the technology is that it allows devices to generate, store, and manage cryptographic keys securely, authenticate hardware using unique RSA keys that are permanently etched onto the chip, and monitor the boot process of the system for platform integrity. 

During startup, the TPM verifies each component of the boot sequence, so that only the proper firmware and operating system files are executed and rootkits or unauthorised modifications are blocked. After repeated failed authorisation attempts, the TPM's built-in dictionary attack prevention temporarily locks out further attempts, keeping the protected secrets intact. 

The TPM has been standardised by the Trusted Computing Group (TCG) and developed in multiple versions to meet increasing security demands. With Windows 11, Microsoft is making a decisive move towards integrating stronger, hardware-based safeguards across consumer devices, marking a shift in the way those devices are secured. 

Even though Microsoft has stated its intent to protect its users from modern cyber threats by requiring TPM 2.0, the requirement has also sparked debate, particularly among users whose PCs are old or custom-built and do not support it. It is difficult for these users to find the right balance between enhanced security and the practical realities of hardware limitations and upgrade constraints.

In Microsoft's Windows 11 security architecture, the Trusted Platform Module 2.0 is the cornerstone: a dedicated hardware security component embedded into modern processors and motherboards, or supplied as a standalone chip. The module creates a secure, isolated environment for handling cryptographic keys, digital certificates, and sensitive authentication data, and in doing so establishes trust between the operating system and the hardware. 

By keeping cryptographic functionality within a secure and isolated environment, TPM 2.0 helps prevent malicious software, firmware tampering, and other software-driven attacks from compromising a system's security. 

The module underpins a variety of security functions. With Secure Boot, TPM 2.0 ensures that only trusted software components are loaded during system startup, preventing malicious code from being embedded during the most vulnerable stage of booting. Device encryption such as Microsoft's BitLocker uses the TPM to secure data behind cryptographic barriers that only authenticated users can pass.

Through attestation, organisations and users can verify the integrity and authenticity of both hardware and software, while robust key management makes it possible to generate and store encryption keys directly in the chip, giving those keys a secure storage environment. 

TPM 2.0, introduced in 2014 as the replacement for TPM 1.2, brought significant advances in cryptography, including stronger algorithms such as SHA-256, improved flexibility, and greater compatibility with modern computing environments. The standard's governing body, the Trusted Computing Group (TCG), is a global consortium dedicated to open, vendor-neutral specifications that enhance interoperability and standardise hardware-based security across platforms. 

Microsoft's insistence on TPM 2.0 for Windows 11, where it is a non-negotiable requirement rather than the optional feature it was in Windows 10, is a step towards strengthening hardware integrity at the device level. Although it is technically possible to install Windows 11 on unsupported systems by bypassing this requirement, Microsoft strongly discourages the practice, stating that it undermines the intended security framework and could restrict the availability of future updates. 

Although Windows 11 has brought the Trusted Platform Module (TPM) into mainstream discussion, its integration within Microsoft's ecosystem is far from new. Earlier versions of Windows, including Windows 10, had long supported TPM technology, which is especially helpful on enterprise-grade devices that need data protection and system integrity. 

Companies with stringent IT security standards were early adopters of TPMs in their laptops and desktops, and these compact chips have largely replaced traditional smart cards, which once served as physical keys to authenticate the system.

A TPM performs the same validation functions as a smart card, but where a smart card must be manually inserted or held against a wireless reader to confirm system integrity, the TPM does so automatically and seamlessly, combining convenience with security. As the operating system grows more dependent on TPM technology, more features become available: Windows Hello, the popular feature that uses facial recognition to log in to the user's computer, also relies heavily on the TPM for the storage of biometric data and identity verification.

In July 2016, Microsoft mandated TPM 2.0 support for the Windows 10 Home, Business, Enterprise, and Education editions, a policy that naturally extended into Windows 11, which requires the capability in order to function properly. Despite this mandate, a TPM may exist inside a system yet remain inactive. 

The mandate ensures that both consumer and business systems benefit from a uniform hardware-based security standard. It is quite common for systems configured with legacy BIOS settings, rather than modern UEFI (Unified Extensible Firmware Interface), to leave TPM functionality disabled by default. Users can verify how their system is configured through Windows System Information and, if necessary, enable the TPM in the UEFI settings. 

Because Windows 10 and Windows 11 automatically initialise and take ownership of the TPM during installation, no manual configuration is needed. The TPM's utility also extends beyond Windows: its use in Linux distributions and Internet of Things (IoT) devices for security management has grown rapidly, demonstrating its versatility and importance to the protection of digital ecosystems. 
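The verification described above (is a TPM present and ready, is it a 2.0 part, did the machine boot via UEFI, and is the dictionary attack lockout engaged, as discussed earlier in this post) can be done from PowerShell instead of the System Information dialog. The script below is an added example, not code from the article or from Microsoft; it uses only the Get-Tpm, Win32_Tpm and Confirm-SecureBootUEFI interfaces that ship with Windows, and the sample spec-version string in the comment is illustrative.

```powershell
# Added example, not code from the article or from Microsoft. Reports the
# TPM and firmware facts the post discusses: presence and readiness, spec
# version, UEFI vs. legacy boot, Secure Boot, and lockout counters. Run elevated.
#Requires -RunAsAdministrator

function Get-TpmReadinessReport {
    # Get-Tpm (TrustedPlatformModule module) reports readiness and the
    # lockout state maintained by the chip's dictionary-attack protection.
    $tpm = Get-Tpm

    # The Win32_Tpm WMI class exposes the spec version string, for example
    # "2.0, 0, 1.59"; the leading field is what separates TPM 1.2 from 2.0.
    $specVersion = $null
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if ($wmi) { $specVersion = ($wmi.SpecVersion -split ',')[0].Trim() }

    # Windows sets $env:firmware_type to 'UEFI' or 'Legacy'. A legacy-BIOS
    # configuration is the common reason, per the post, for a TPM that exists
    # but is not usable until it is enabled in the firmware settings.
    $firmware = $env:firmware_type

    # Confirm-SecureBootUEFI throws on legacy-BIOS machines, so treat an
    # exception as "not enabled".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { $secureBoot = $false }

    [pscustomobject]@{
        TpmPresent        = $tpm.TpmPresent
        TpmReady          = $tpm.TpmReady
        TpmEnabled        = $tpm.TpmEnabled
        TpmActivated      = $tpm.TpmActivated
        SpecVersion       = $specVersion
        FirmwareType      = $firmware
        SecureBoot        = $secureBoot
        # Lockout counters: LockedOut becomes True once failed authorisation
        # attempts reach LockoutMax, the behaviour described in the post.
        LockedOut         = $tpm.LockedOut
        LockoutCount      = $tpm.LockoutCount
        LockoutMax        = $tpm.LockoutMax
        # Windows 11 needs a ready TPM 2.0 on a UEFI system; Secure Boot is
        # reported separately above.
        MeetsWindows11Tpm = ($tpm.TpmPresent -and $tpm.TpmReady -and $specVersion -eq '2.0' -and $firmware -eq 'UEFI')
    }
}

Get-TpmReadinessReport | Format-List
```

A report showing TpmPresent True but TpmReady False on a machine with FirmwareType Legacy is the pattern the post describes: the chip is there, but the firmware configuration has to be changed before Windows can take ownership of it.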

Apple, for its part, has developed its proprietary Secure Enclave, which performs similar cryptographic operations and protects sensitive user information on Apple's own hardware platform. Together these technologies reflect an industry trend toward embedding security at the hardware level, a trend that continues to redefine how modern computing environments defend themselves against increasingly sophisticated threats. 

Over the past few years, beginning with Windows 10 and continuing through Windows 11, Microsoft has simplified the integration of the Trusted Platform Module (TPM) by having the operating system take ownership of the chip and automate its initialisation during setup. This automation reduces the need for manual configuration through the TPM management console and simplifies deployment. 

In the past, certain Windows 10 Group Policy settings even permitted administrators to back up TPM authorisation values to Active Directory, ensuring continuity of cryptographic trust across system reinstalls. The cases that still call for manual intervention mostly arise when performing a clean installation or resetting a device. In enterprise settings, TPM has a variety of practical applications, including ensuring continuity of cryptographic trust across reinstallations. 

On TPM-equipped systems, certificates and cryptographic keys are bound to the hardware itself and cannot be exported or duplicated without authorisation, which is what allows them to substitute for smart cards. Besides strengthening authentication, this transition significantly reduces the administrative cost of issuing and managing physical security devices. 

TPM's automated provisioning capabilities further streamline deployment by allowing administrators to verify device provisioning or state changes without a technician being physically present. Beyond credential management, the TPM is also essential to preserving the integrity of a device's operating system. 

Anti-malware software can use the TPM's boot measurements to verify that a computer started correctly and has not been tampered with, making the TPM a key safeguard for data centres and virtualised environments using Hyper-V. In large-scale IT infrastructures, features like BitLocker Network Unlock let administrators update or maintain systems remotely while remaining assured that those systems stay secure and compliant, without manually modifying each one. 

As a means of further enhancing enterprise security, device health attestation is a process that allows organisations to verify both hardware and software integrity before permitting access to sensitive corporate resources. With this process, managed devices communicate their security posture, including information about Data Execution Prevention, BitLocker Drive Encryption, and Secure Boot, enabling Mobile Device Management (MDM) servers to make informed choices on how access can be controlled. 

As a result of these capabilities, the TPM is no longer just a hardware security feature; it is a cornerstone of trusted computing that lets enterprises bridge security, manageability, and compliance across the multi-cloud or multi-domain platforms they have adopted. 

Despite the changing digital landscape, Microsoft's reliance on the Trusted Platform Module stands as a defining element of its long-term vision of secure, trustworthy computing, embedding security directly into the hardware so that defence can be proactive rather than reactive.

The integration of TPM across both consumer and enterprise devices is further evidence of the growing realisation that system security must begin at the silicon level, where vulnerabilities are the easiest to exploit. When organisations and users embrace TPM, they not only strengthen data protection but also prepare their systems for the next generation of digital authentication, encryption, and compliance standards. 

Considering that cyber-threats are likely to become even more sophisticated as time goes on, the presence of TPM ensures that security remains an integral principle of the modern computing experience rather than an optional one.

BitLocker Vulnerability Exposes Encryption Flaws: A New Challenge for Cybersecurity

Password theft has recently dominated headlines, with billions of credentials compromised. Amid this crisis, Microsoft has been pushing to replace traditional passwords with more secure authentication methods. However, a new vulnerability in the Windows BitLocker full-disk encryption tool has raised concerns about the security of even the most advanced encryption systems.

A medium-severity flaw in BitLocker, identified as CVE-2025-21210, has exposed the encryption system to a novel randomization attack targeting the AES-XTS encryption mode. This vulnerability highlights the increasing sophistication of cyberattacks against full-disk encryption systems. When exploited, it allows attackers to alter ciphertext blocks, causing sensitive data to be written to disk in plaintext.

Jason Soroko, Senior Fellow at Sectigo, explained the implications of this vulnerability. “BitLocker uses AES-XTS encryption to ensure that even if someone physically accesses the hard drive, they cannot easily read the data without the encryption key,” he noted. However, this new attack bypasses traditional decryption methods by manipulating how encrypted data is handled.

How the Randomization Attack Works

To illustrate the attack, Soroko used an analogy involving a library of books. “Rather than stealing or directly reading the books, the hacker subtly modifies certain pages (the ciphertext blocks) in multiple books,” he explained. While the rest of the book remains intact and unreadable, tampering with specific pages can cause the library’s system to misplace or disclose critical data.

Over time, these subtle modifications can lead to bits of data being written in plaintext, exposing sensitive information without directly breaking the encryption. “The real danger is that this method doesn’t require breaking the encryption directly,” Soroko concluded. “Instead, it manipulates how the encrypted data is handled, allowing attackers to bypass security measures and access sensitive information.”

Mitigating the Risk

To defend against such attacks, Soroko emphasized the importance of keeping encryption software up-to-date with the latest security patches. Additionally, organizations should:

  1. Restrict Physical Access: Ensure that devices with sensitive data are physically secure to prevent tampering.
  2. Monitor Systems: Regularly check for unusual activity that might indicate an attack or unauthorized access.
  3. Implement Layered Security: Combine encryption with other security measures, such as multi-factor authentication (MFA) and intrusion detection systems.

This vulnerability underscores the evolving nature of cyber threats. Even robust encryption systems like BitLocker are not immune to sophisticated attacks. As cybercriminals develop new methods to exploit vulnerabilities, organizations must remain vigilant and proactive in their cybersecurity strategies.

Microsoft’s push toward passwordless authentication is a step in the right direction, but this incident highlights the need for continuous improvement in encryption technologies. Companies must invest in advanced security solutions, regular system updates, and employee training to stay ahead of emerging threats.

The BitLocker vulnerability serves as a stark reminder that no system is entirely foolproof. As encryption technologies evolve, so do the methods used to exploit them. Organizations must adopt a multi-layered approach to cybersecurity, combining encryption with other protective measures to safeguard sensitive data. By staying informed and proactive, we can better defend against the ever-changing landscape of cyber threats.

TPM-Equipped Devices Trigger Warnings Due to a Windows BitLocker Flaw

Microsoft is examining a flaw that activates security alerts on systems equipped with a Trusted Platform Module (TPM) processor after enabling BitLocker. 

A Windows security feature called BitLocker encrypts storage disks to guard against data leakage or theft. Redmond says that, combined with a TPM, it "provides maximum protection" and serves "to ensure that a device hasn't been tampered with while the system is offline.”  

TPMs are specialised security processors that offer hardware-based security features and serve as reliable hardware parts for storing private data, including encryption keys and other security credentials.

The company stated in a notice issued last week that unmanaged devices, or BYOD (bring your own device), are also impacted by this known vulnerability. These are typically privately owned devices used in business settings that can be secured or onboarded using methods provided by each firm's IT or security department.  

Users of vulnerable Windows 10 and 11 PCs will notice a "For your security, some settings are managed by your administrator" alert "in the BitLocker control panel and other places in Windows.” 

The tech giant noted that it is currently working on a fix and will provide further details regarding the flaw when it has more information. In April 2024, Microsoft resolved another issue that caused erroneous BitLocker drive encryption errors in select managed Windows environments. In October 2023, the company classified that as a reporting issue with no impact on drive encryption.  

Microsoft revealed in June 2021 that TPM 2.0 is required for installing or upgrading to Windows 11, claiming that it will make PCs more resistant to manipulation and sophisticated cyberattacks. However, this has not prevented Windows users from developing a variety of tools, programs, and strategies to circumvent it. 

More than three years later, in December 2024, Redmond emphasised that TPM 2.0 compliance is a "non-negotiable" condition, as consumers will be unable to upgrade to Windows 11 without it. According to Statcounter Global data, more than 62% of all Windows computers globally are still using Windows 10, with less than 34% on Windows 11 three years after its October 2021 launch.