diff --git a/package-lock.json b/package-lock.json
index d8512b3bc..2b340a013 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "trilium",
-  "version": "0.61.5-beta",
+  "version": "0.61.6-beta",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "trilium",
-      "version": "0.61.5-beta",
+      "version": "0.61.6-beta",
       "hasInstallScript": true,
       "license": "AGPL-3.0-only",
       "dependencies": {
diff --git a/src/becca/entities/battachment.js b/src/becca/entities/battachment.js
index 9da0835f9..7108545c7 100644
--- a/src/becca/entities/battachment.js
+++ b/src/becca/entities/battachment.js
@@ -98,7 +98,12 @@ class BAttachment extends AbstractBeccaEntity {
     }
 
     decrypt() {
-        if (this.isProtected && !this.isDecrypted && protectedSessionService.isProtectedSessionAvailable()) {
+        if (!this.isProtected || !this.attachmentId) {
+            this.isDecrypted = true;
+            return;
+        }
+
+        if (!this.isDecrypted && protectedSessionService.isProtectedSessionAvailable()) {
             try {
                 this.title = protectedSessionService.decryptString(this.title);
                 this.isDecrypted = true;
diff --git a/src/services/revisions.js b/src/services/revisions.js
index 0a61643be..e833a3bf5 100644
--- a/src/services/revisions.js
+++ b/src/services/revisions.js
@@ -14,21 +14,34 @@ function protectRevisions(note) {
     }
 
     for (const revision of note.getRevisions()) {
-        if (note.isProtected === revision.isProtected) {
-            continue;
+        if (note.isProtected !== revision.isProtected) {
+            try {
+                const content = revision.getContent();
+
+                revision.isProtected = note.isProtected;
+
+                // this will force de/encryption
+                revision.setContent(content, {forceSave: true});
+            } catch (e) {
+                log.error(`Could not un/protect note revision '${revision.revisionId}'`);
+
+                throw e;
+            }
         }
 
-        try {
-            const content = revision.getContent();
+        for (const attachment of revision.getAttachments()) {
+            if (note.isProtected !== attachment.isProtected) {
+                try {
+                    const content = attachment.getContent();
 
-            revision.isProtected = note.isProtected;
+                    attachment.isProtected = note.isProtected;
+                    attachment.setContent(content, {forceSave: true});
+                } catch (e) {
+                    log.error(`Could not un/protect attachment '${attachment.attachmentId}'`);
 
-            // this will force de/encryption
-            revision.setContent(content, {forceSave: true});
-        } catch (e) {
-            log.error(`Could not un/protect note revision '${revision.revisionId}'`);
-
-            throw e;
+                    throw e;
+                }
+            }
         }
     }
 }