Passware 2023 version Decrypts Veracrypt RAM Encryption

Dev response:

Thank you for sharing this information.
This reminds me of the Elcomsoft story back in 2021 where they claimed to broke RAM encryption only to say in blog post that they actually cannot (cf VeraCrypt / Forums / General Discussion: Elcomsoft Breaks the Latest Version of VeraCrypt (3 June, 2021)). But we are already in 2023 and I guess we can trust them that they have finally implemented a reliable attack against RAM encryption.

I will resurect my ideas for RAM encryption enhancements. Sure, we could make small changes to how RAM encryption works to block their current method, but they could still update their tool to match these changes because our source code is open. A better approach would be to tie RAM encryption to something ephemeral that disappears and can’t be found in memory dumps, like debug registers. This would take some serious work, though.

Let’s remember that RAM encryption can’t stop all attacks. If a program in an unlocked Windows session has admin rights, it can access the same information as VeraCrypt driver and it can get access all the data. So, RAM encryption can’t fully protect against this. What it can do, however, is help protect against memory dumps done outside of a running Windows session or without admin rights.

Good to note: Security Requirements and Precautions