Mounir Idrassi, the developer behind the open-source encryption tool VeraCrypt, has issued a stark warning: Microsoft’s abrupt termination of his account could leave Windows users unable to access their encrypted systems starting in mid-2026. In a March 30 online post, Idrassi stated that Microsoft “terminated the account I have used for years to sign Windows drivers and the bootloader,” offering no explanation or appeal process.
Based in Japan, Idrassi attempted to contact Microsoft but failed to reach a human representative. The account lockout prevents him from re-verifying the security of his software, a mandatory step for developers on the Windows platform. Without this verification, devices running VeraCrypt will soon face boot failures if the issue remains unresolved. Microsoft has not commented on the situation.
VeraCrypt is a widely adopted encryption solution that allows users to password-protect files or encrypt entire operating systems to guard against pre-boot attacks. The software’s latest Windows version, released in May 2025, has seen nearly a million downloads of its installer file. This incident underscores the immense power tech giants wield over third-party applications on their platforms, exposing users to risks when account access can be revoked under mutable rules.
Idrassi confirmed that updates for Linux and macOS users continue unimpeded, but the majority of his user base on Windows is currently cut off from new releases. “For affected users, there is nothing special to do for now as VeraCrypt will continue to work, and there are no security issues identified currently,” he told TechCrunch on Wednesday.
However, the real threat looms for those using system encryption, which scrambles the entire OS until a password is entered. Idrassi warned that boot-up issues could emerge around late June, escalating after July 2026 when Microsoft revokes the certificate authority used to digitally sign the VeraCrypt bootloader. “Users who have enabled system encryption with VeraCrypt may face boot issues after July 2026 because Microsoft will revoke the [certificate authority] that was used to sign the VeraCrypt bootloader,” he said. “A new Microsoft CA must be used for bootloaders to continue working.”
Without access to his Microsoft account, Idrassi cannot apply the required new signature, making it impossible for encrypted systems to boot. “If the issue is not resolved by then, it would essentially mean a death sentence for VeraCrypt,” he stated. This scenario highlights the fragility of open-source projects dependent on corporate platforms for distribution and validation.
This is not an isolated case of automated account terminations. Earlier this year, developer Paris Buttfield-Addison was locked out of their Apple account after redeeming a gift card believed to be fraudulent, purchased from a major retailer. Buttfield-Addison regained access only after public outcry over the ban went viral.
The VeraCrypt situation serves as a critical reminder for developers and users alike: reliance on third-party accounts for essential software functions carries significant operational risks. As platforms tighten controls, the future of independent tools hangs in the balance.
