- Created: Thursday, 01 October 2015
- Written by Paul Grigg
Encrypting files is a really useful mechanism for protecting sensitive information. But there’s a risk that you might not be able to access the information in the future. Here’s a tale from our frontline support team.
We recently took on a new customer. One of the first calls we received was that they couldn’t access some important documents on their server that were created a couple of years ago. We quickly discovered an employee had encrypted them using the built in Windows encryption facility. The employee had left some time ago and their account had since been deleted.
If Windows encryption is set up properly and the Administrator’s recovery key stored safely this isn’t a problem, the Administrator can simply decrypt the file. Unfortunately the previous support company hadn’t saved the administrator’s recovery key somewhere safe. The situation seemed hopeless without the resources of the NSA’s supercomputers to crack the key.
Luckily there is recycle bin for user accounts which stores them for 6 months after deletion. We were able to recover the account, login as them and then decrypt the files. If we had discovered the issue as much as one month later this wouldn’t have been possible and the files permanently lost.
To stop this happening again we setup their Windows encryption properly, generated a new Administrator’s recovery key, recovered other accounts used to encrypt files on their server, audited and decrypted every file on their server, and finally re-encrypted the sensitive files.