Turn off encryption ?

Topic

New Reply

With all the hazards of running an encrypted boot or data volume– not the least of which is ransomware– I would like to remove system encryption.

Of course, I realize that if I simply disabled / switched off encryption, any “smart” malware could switch it back on.

So, I want to remove encryption permanently from system options.

What is the best and most stable way of doing so?

Reply | Quote

Replies

I’m afraid that if your machine is infected you are out of luck. The malware can do what it wants especially if you are running an admin level account.

Joe

--Joe

Reply | Quote

Isn’t the OP asking how to remove the software that can be used to encrypt files so that it is not available to be used by anyone, especially crooks who hold users to ransom?

David

Reply | Quote

One can disable enscription via services and/or msconfig. However, removing anything from within Windows Prime is fraught with peril! I removed WD once and received a Windows 7 7601 is nonGenuine message. Back then, I did not know of NoelDP/sevenforums.com solutions — ended up reinstalling W7Pro. Make sure you have two external HD backups of your OS partition before venturing into removing anything from within Windows Prime.

"Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisted

Reply | Quote

RolandJS–
Thank you for that– it is never enough to have only a single system image before undertaking a serious operation.
And because HDs fail, keep each image set on a separate USB external HD.

Reply | Quote

While you can of course do what you will, I’m not sure that ransomware is the best reason to remove encryption from a system. I’d be more concerned with issues like the accessibility of data under conditions of system failure or system transitions.

Encryption might actually help protect your system when faced with ransomware (it all depends upon how the malware attacks your system). If the ransomware can piggyback on your system credentials then an encrypted volume doesn’t help. However if the ransomware only sees your system as a discrete set of components and the ransomware itself only has physical access, then encryption could be a very effective blocking mechanism.

Reply | Quote

Ransomware will have its own encryption – it only needs to be simple and must work everywhere – so your proposed change won’t make any difference.

cheers, Paul

Reply | Quote

Paul–
Your comment shows you clearly understood the question.

Thanks.

Reply | Quote

Summary, then:

1. You can turn off encryption, but not remove it altogether from the operating system
2. If you turn off the Encryption Service, you will no longer be able to read files that were previously encrypted (until you turn it on again)
3. It is easy enough for malware to turn the Service on again no matter what you have done, but . . .
3. Ransomware, CryptoLocker for example, has its own encryption mechanism so your “turning off encryption” gives you no protection
4. Ransomware can use the native encryption/decryption service to get at files which are already encrypted (even if you have turned the service off) so that is no protection either
4. Image backups enable total recovery from a Ransomware attack – as long as you backup frequently enough

Reply | Quote

Summary, then:

4. Image backups enable total recovery from a Ransomware attack – as long as you backup frequently enough

Only if you remove the backup media after each backup is done. Otherwise, Ransomware can encrypt your backup as well.

Jerry

Reply | Quote

MartinM–
Like Paul, you understood I planned to remove encryption in order to pre-empt a ransomware attack which uses system encryption against itself. As you point out in item 3, however, removal of system encryption does not deprive ransomware of the ability to encrypt files.

So, my question is now focused on the general desirability of having a system with fewer points-of-failure. Prior experience with encryption has produced no problems, but I am aware that if the key becomes lost or corrupted, I have no recourse.

Yes, I am another disciple of the “backup as often as possible” principle.Typically, a person never can have too many system images.

Reply | Quote

As PaulT says, ransomware uses 2048bit RSA encryption algorithm that it brings with it and joyfully notifies you of. It does not use the encryption software present on some versions of Windows (bitlocker). So removing bitlocker, assuming you actually even have it, doesn’t do squat to protect your system.

And modern ransomware will install itself onto every hard drive, SSD and any other writable drive it finds on the network…so an external backup only works as protection–as jwitalka said–if it is offline at the time during the infection.

Reply | Quote

Could not agree more. My original idea of disabling encryption was a non-starter, because smart malware simply could flip the service back on. My second idea was not merely to disable, but remove encryption so nothing could be flipped back on.

Now, I have been informed the attacker does not use native encryption routines, anyway. So, I am confirmed in my belief multiple images, kept on separate USB external HDs, are the only answer.

Of course, finding a system infected means never attaching the image drive until the boot volume has been nuked into oblivion, for good measure.

Reply | Quote

…I am confirmed in my belief multiple images, kept on separate USB external HDs, are the only answer…

You’re on the right track there…

Reply | Quote

It’s a very good idea to keep the backup disk(s) offline for this and other reasons.

You might survive if you leave it connected – the Ransomware only encrypts certain file types (or it would trash your OS and there’d be no way back) and I don’t believe that many image backup extensions are included.

BUT I wouldn’t rely on that, and after reading this, I suppose they will be included :rolleyes:

Reply | Quote

MartinM–
It is unlikely a malware coder would need to search for image extensions, since most people disconnect the USB external HD after imaging. That said, there is the minuscule number of users who still have not reflected on the risk of leaving the external USB drive active and connected.

Reply | Quote