VeraCrypt developer says Microsoft lock could leave Windows users unable to boot

April 8, 2026
aisecuritybusinesslaw
Close-up of a padlock on an old, rustic wooden door in grayscale.
Photo by Aleksandar Djordjevic on Pexels

What happened

VeraCrypt developer Mounir Idrassi says Microsoft has blocked access to the account he used to sign Windows drivers and the bootloader — and it has been reported that the account was terminated with no explanation or avenue for appeal. Idrassi, who is based in Japan, told TechCrunch he couldn't reach a human at Microsoft and that the company requires re-verification for developer accounts like his. For now, he can still push updates to Linux and macOS users, but Windows updates are stalled.

Why it matters

VeraCrypt is widely used open-source encryption software — nearly a million downloads of the latest Windows installer since May 2025, according to the project — and many users rely on it to encrypt entire systems. Idrassi warned that if Microsoft revokes the certificate used to digitally sign VeraCrypt, machines encrypted with VeraCrypt’s system-encryption could fail to boot in a few months, around late June. “If the issue is not resolved by then, it would essentially mean a death sentence for VeraCrypt,” he told TechCrunch. It has been reported that Microsoft did not immediately comment when contacted.

Broader context

This is a stark illustration of how much power platform owners still hold over software distributed through their ecosystems. Relying on a single vendor-controlled account for critical signing keys can be a single point of failure — and developers and users feel the squeeze when that account is suspended, revoked or otherwise disabled. Earlier this year, another developer’s Apple account lockout made headlines and was reversed only after public pressure; the lesson: when platforms flip the switch, the fallout can be immediate.

What users should know

Idrassi says VeraCrypt will continue to work for affected users for now and that no security issues have been identified, so there’s no immediate panic button to press. But the clock is ticking. If you use full-disk encryption, keep backups and follow project updates — and ask yourself an uncomfortable question: should critical trust infrastructure for open-source security tools live behind a single corporate gate?

Sources: techcrunch