using apt full-upgrade is rather necessary. The PPA is quite a massive upgrade that iirc some packages need to be removed so that updated replacements can be installed - normal 'upgrade does not allow this.

it does not autoremove, or remove things that are marked as no longer needed. Only those that are being replaced by something else.
The upgrade would have shown what is being proposed for installation, as well as any required removals.

To prevent autormoval, you can simply install/reinstall the package. sudo apt install encfs. This is one way to mark this as manually installed as opposed to automatic, and thus no longer offered for autoremoval
Or sudo apt mark manual encfs

But something seems amiss on your system. I don't see any plasma packages that would even involve drive encryption, since that is an Ubuntu OS level thing, not a desktop (Kubuntu) level item, but package deps can be convoluted.
I don't see any reports of similar things being reported or mentioned by users anywhere , so far. But I imagine the number of people still using 22.04 + backports-extra instead of 24.04 is quite small.

Is using 24.04 not an option, since it comes with Plasma 5.27 natively?
Any other PPAs or other external sources being used?
are you updating the system before adding the PPA?

Do a full-upgrade dry run, and report what is offered.

This would be the result of the removal of the plasma-vault encfs dependency, inherited from debian packaging of latest plasma 5 and upstream changes in the default backend for the vaults to cryfs.

https://tracker.debian.org/news/1368...into-unstable/

Thank you acheron. That appears to be the most likely culprit.

I will leave this here "for the archives" that if the host root filesystem is encrypted in Kubuntu 22.04 and the backports-extra packages are applied to update Plasma to v5.27.11, encyption will "break".