The US government announced Thursday that it is banning the sale of Kaspersky Antivirus in the country and asking Americans who use the software to switch to a different provider.
The Commerce Department’s Bureau of Industry and Security said it imposed the “first-of-its-kind” ban, arguing that Kaspersky threatens US national security and user privacy because the company is based in Russia.
“Russia has shown that it has the ability, and even more so, the intent, to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans. And that’s why we’re forced to take the steps we’re taking today,” US Commerce Secretary Gina Raimondo said on a call with reporters.
News of the ban was first Reuters reports before the announcement. A representative for Kaspersky did not immediately respond to TechCrunch’s request for comment.
Kaspersky will be barred from selling its software to US consumers and businesses starting July 20, but the company will be able to provide software and security updates to existing customers until September 29. After that, Kaspersky will no longer be allowed to push software updates to US customers, according to Raimondo.
“This means your software and services will be degraded. That’s why I strongly recommend that you find an alternative to Kaspersky immediately,” said Raimondo.
Raimondo said US consumers who already use Kaspersky’s antivirus are not breaking the law.
“U.S. individuals and businesses who continue to use or have existing Kaspersky products and services are not breaking the law, have done nothing wrong, and are not subject to criminal or civil penalties,” Raimondo said. “However, I would strongly urge you to stop using this software immediately and switch to an alternative solution to protect yourself and your data and your family.”
To inform consumers, Raimondo said the Department of Homeland Security and the Department of Justice will work to inform U.S. consumers, and the U.S. government will create a website, “so people who are affected can find the information they need to understand why we’re doing what we’re doing and to help them take the next steps.”
A senior US Commerce Department official said during the conference call that the federal cybersecurity agency CISA will contact critical infrastructure organizations that use Kaspersky software in their operations to help them find alternatives. The official also said they do not plan to name any specific action by Kaspersky that led to today’s decision. (The Commerce Department asked reporters not to name the official.)
The ban announced Thursday is the latest escalation in a long line of U.S. government actions against Moscow-based Kaspersky.
In September 2017, the Trump administration banned US federal agencies from using Kaspersky software over fears the company could be forced to help Russian intelligence. Earlier in the year, this it was mentionted that Russian government hackers had stolen classified U.S. documents stored on an intelligence contractor’s home computer because he was running Kaspersky antivirus, marking the first known spying incident resulting from the use of the company’s software.
The decision to ban Kaspersky had been in the works since last year, according to a Wall Street Journal report in April 2023.
According to Kaspersky, the company has more than 400 million individual customers and more than 240,000 enterprise customers worldwide. The senior official declined to say how many customers Kaspersky has in the US, but said there are a significant number, including critical infrastructure organizations and state and local government agencies.
