External HD got encrypted and now I can't access it

tims4wins

PN23's replacement
SoSH Member
Jul 15, 2005
37,664
Hingham, MA
So I've had a Seagate external HD for like 10 years that I would periodically move photos from my phone to when I ran out of storage. Needless to say, I have a LOT of family photos on there. Thousands. Wedding pictures, newborn pictures, etc.

Somehow, connecting it to my corporate laptop encrypted it, and I can't access it.

I've tried bringing it to a local IT place and they couldn't access it. I also tried bringing it to my company walkup support and they couldn't help either.

I'm stuck and my wife and I are super upset if we have lost all of these pictures which we thought were secure.

Help?!
 

opes

Doctor Tongue
Lifetime Member
SoSH Member
I can see why your work laptop encrypted it. It sounds like network encryption on any physical storage. My company won't allow me even plugging in USB storage devices. I'm assuming they are using a bitlocker. If that is the case those keys will actually be stored on your laptop. IT support should be able to get you access to your data if they are worth their salt. If anything, when attached in recovery mode should show that volume.
 

cgori

Member
SoSH Member
Oct 2, 2004
4,039
SF, CA
I can also imagine how it got bitlocker'd on attach. Almost for sure your company IT should be able to un-bitlocker it, though you might have to escalate past frontline support to get them to do it. And yes, those encryption keys should be local to your laptop.

You know this now, but never co-mingle your personal and corp devices. All kinds of bad stuff can happen (like this).
 

AlNipper49

Huge Member
Dope
SoSH Member
Apr 3, 2001
44,916
Mtigawi
> I can see why your work laptop encrypted it. It sounds like network encryption on any physical storage. My company won't allow me even plugging in USB storage devices. I'm assuming they are using a bitlocker. If that is the case those keys will actually be stored on your laptop. IT support should be able to get you access to your data if they are worth their salt. If anything, when attached in recovery mode should show that volume.

You are 99% most likely correct. Corporate IT most likely has a default policy for bitlocker. It’s pretty dumb auto-encrypting any device that touches it, but mistakes or inexperience can happen. The good news is the IT department should have the unencryption key (and if they don’t then that’s kind of a big deal, it’s delinquent at best).
 

AlNipper49

Huge Member
Dope
SoSH Member
Apr 3, 2001
44,916
Mtigawi
I just chewed on it a bit more. I used delinquent too harshly. I could see a policy like that being a compromise between having USB availability and not having it at all. It would most likely be noted in the acceptable use policy in your employee handbook.
 

opes

Doctor Tongue
Lifetime Member
SoSH Member
> You are 99% most likely correct. Corporate IT most likely has a default policy for bitlocker. It’s pretty dumb auto-encrypting any device that touches it, but mistakes or inexperience can happen. The good news is the IT department should have the unencryption key (and if they don’t then that’s kind of a big deal, it’s delinquent at best)

IIRC, for bitlocker, the keys are on that laptop.
 

Max Power

thai good. you like shirt?
SoSH Member
Jul 20, 2005
8,029
Boston, MA
> So I've had a Seagate external HD for like 10 years that I would periodically move photos from my phone to when I ran out of storage. Needless to say, I have a LOT of family photos on there. Thousands. Wedding pictures, newborn pictures, etc.
>
> Somehow, connecting it to my corporate laptop encrypted it, and I can't access it.
>
> I've tried bringing it to a local IT place and they couldn't access it. I also tried bringing it to my company walkup support and they couldn't help either.
>
> I'm stuck and my wife and I are super upset if we have lost all of these pictures which we thought were secure.
>
> Help?!

When you connect it to the work laptop again, is it accessible?

Bitlocker keys are typically backed up to the computer object in Active Directory. Someone in IT should be able to get that for you, but you'll need to connect it to a Windows PC to decrypt it. And like others have said, don't try to write any data to it.

You should also reconsider your backup situation. An external drive is much more likely to fail than to be accidentally encrypted. Either way, you've lost your data. There's a current thread in TBLTS about cloud options.
 

drbretto

Member
SoSH Member
Apr 10, 2009
12,153
Concord, NH
> @drbretto probably has better knowledge than me on this

Sadly no, but I asked gpt just in case and it is saying pretty much the same thing here:

It sounds like the external hard drive might have been encrypted by the corporate network's security policies. Here are some steps you can take to address this situation:

Identify the Encryption Type: Determine if the encryption is a part of the corporate network's security measures. If it's BitLocker (common in Windows environments), you'll see a prompt for a recovery key when you try to access the drive.

Recovery Key: If it's corporate-imposed encryption, the IT department should have the recovery key. You'll need to contact them. It's crucial to explain the situation and verify if they have policies regarding personal devices connected to the network.

Decrypting the Drive: Once you have the recovery key, you can use it to decrypt the drive. For BitLocker, this would be done through the Control Panel in Windows.

Data Recovery Software: If you don't have access to the recovery key or if the encryption is of a different type, you might need to use data recovery software. However, success is not guaranteed, especially with strong encryption.

Professional Help: If the above steps don’t work, consider professional data recovery services. They have more advanced tools and techniques, but be prepared for potential costs.

Prevent Future Incidents: To avoid such situations, consider keeping personal and work data separate. Also, regularly back up data in multiple locations.
From my dealings with corporate offices, someone almost certainly does have your key, but either might not know it or it was handled by someone higher up and they just don't know about it. I would keep trying them.

I haven't tried decryption software to restore a hard drive in like 10 years so I don't know if it's any better these days, but I never had any luck.
 

tims4wins

PN23's replacement
SoSH Member
Jul 15, 2005
37,664
Hingham, MA
Thanks guys, this is all helpful. It sounds like I may have to escalate past local IT support.

Edit: also to be clear I have never actually stored any important personal files on my corporate laptop; I just used it as an intermediary to move pictures from my phone, and then onto the external HD. But, lesson learned, and also noted that there are better ways to store important files than external HDs.

If this means anything, when I plug it into my laptop, first CrowdStrike Falcon Sensor runs. Then when I click on the drive, all I see is McAfee removable media protection files:

[Attached image 74705]
 

cgori

Member
SoSH Member
Oct 2, 2004
4,039
SF, CA
That's 99.9% likely not bitlocker then, that's some enterprise thing that will depend on how it is configured at corporate. Escalation is almost certainly gonna be necessary.
 

opes

Doctor Tongue
Lifetime Member
SoSH Member
Oh yeah. I've managed CrowdStrike. Need to talk to your security EDR team, aka endpoint detection and response.
EDIT: I should add CrowdStrike possibly saw a new volume on the network and quarantined it. But yeah, this needs to go to the security team.
 

Bergs

funky and cold
SoSH Member
Jul 22, 2005
21,725
I don't know why, but I kinda want an update on this!
 

tims4wins

PN23's replacement
SoSH Member
Jul 15, 2005
37,664
Hingham, MA

sezwho

Member
SoSH Member
Jul 20, 2005
2,021
Isle of Plum
I rarely go in the office so it may be a while.
Thanks, this is worth a shot.
Good luck!

I’m also now wondering how it works out. This has to be a thing that happens often enough that a soft landing is baked in for the ‘white hat’ use cases, no?