Microsoft has abruptly terminated the account used by VeraCrypt developer Mounir Idrassi to sign Windows drivers and bootloaders, potentially leaving millions of encrypted systems unable to boot starting in mid-2026. In an online post on March 30, Idrassi stated that Microsoft provided no explanation or appeal process for the account termination, which he has relied on for years to distribute updates. The Japan-based developer attempted to contact Microsoft but was unable to reach a human representative, exacerbating the crisis for a critical piece of open-source encryption software.
VeraCrypt is a widely used, open-source encryption tool that allows users to scramble files with password protection or encrypt an entire operating system to guard against pre-boot attacks. The latest Windows version, published in May 2025, has seen its installer file downloaded nearly a million times since release. This incident underscores the immense power tech giants wield over software distributed on their platforms, where account revocations can occur under mutable rules without warning.
Idrassi warned that devices running VeraCrypt will soon face boot failures if the issue remains unresolved. Microsoft requires developers to periodically re-verify software security, and without access to his account, Idrassi cannot apply necessary updates. “For affected users, there is nothing special to do for now as VeraCrypt will continue to work, and there are no security issues identified currently,” he told TechCrunch on Wednesday. However, the looming threat centers on system encryption, which scrambles the OS until a password is entered.
Starting around late June, users with system encryption enabled may experience boot-up issues. Idrassi explained that Microsoft plans to revoke the certificate authority used to digitally sign the VeraCrypt bootloader, a standard anti-tampering measure. “Users who have enabled system encryption with VeraCrypt may face boot issues after July 2026 because Microsoft will revoke the [certificate authority] that was used to sign the VeraCrypt bootloader,” he said. “A new Microsoft CA must be used for bootloaders to continue working.”
Without the ability to sign software with a new certificate, VeraCrypt could become unusable on Windows. “I will not be able to apply the required new signature to VeraCrypt, making it impossible to boot,” Idrassi noted. He starkly concluded, “If the issue is not resolved by then, it would essentially mean a death sentence for VeraCrypt.” A Microsoft spokesperson did not immediately comment when reached for a statement.
This situation highlights a critical asymmetry in platform control. Idrassi can still push updates unhindered to Linux and macOS users, but the majority of his user base on Windows is currently cut off from updates. The dependency on third-party accounts for software distribution poses significant risks, as revocations can disrupt essential tools without recourse.
Automatic account terminations by major tech companies are becoming a recurring headache for developers. Earlier this year, developer Paris Buttfield-Addison was locked out of their Apple account after redeeming a gift card believed to be fraudulent, purchased from a large retailer. Buttfield-Addison only regained access after their account ban gained viral attention, illustrating how opaque enforcement mechanisms can cripple independent developers.
The VeraCrypt case serves as a cautionary tale for the open-source community and users who rely on encryption for security. When platform holders can unilaterally disable developer accounts, the stability of critical software hangs in the balance. As Idrassi races against a mid-2026 deadline, the outcome will test Microsoft’s responsiveness to developer concerns and the resilience of decentralized software ecosystems under corporate gatekeeping.
