The US government said on Thursday it would ban the sale of Kaspersky Lab's antivirus software in the country and ask Americans who use the software to switch to other providers.
The Commerce Department's Bureau of Industry and Security said it imposed the “first-of-its-kind” ban because Kaspersky Lab's base in Russia poses a threat to U.S. national security and user privacy.
“Russia has demonstrated the capability, and even the intent, to use Russian companies like Kaspersky to collect and weaponize Americans' personal information, which is why we are compelled to take the actions we are taking today,” Commerce Secretary Gina Raimondo said in a conference call with reporters.
News of the ban was first reported by Reuters before it was announced. A Kaspersky spokesperson did not immediately respond to TechCrunch's request for comment.
Kaspersky Lab will be banned from selling software to U.S. consumers and businesses starting July 20, but will be able to provide software and security updates to existing customers until Sept. 29. After that, Kaspersky Lab will no longer be allowed to push software updates to its U.S. customers, Raymond said.
“It means lower quality software and services. That's why we strongly encourage you to find an alternative to Kaspersky immediately,” Raimondo said.
Raimondo said U.S. consumers who already use Kaspersky Lab antivirus software are not breaking the law.
“Any U.S. individuals or businesses that continue to use or possess Kaspersky Lab products or services are not breaking the law, have done nothing wrong, and will not be subject to criminal or civil penalties,” Raimondo said. “However, we urge them to immediately stop using the software and switch to an alternative to protect themselves, their data and their families.”
To inform consumers, the departments of Homeland Security and Justice will work to notify U.S. consumers, and the U.S. government will set up a website “so that those affected can find the information they need to understand what we're doing and help them take next steps,” Raimondo said.
A senior Commerce Department official said at a news conference that the federal cybersecurity agency, CISA, plans to reach out to critical infrastructure organizations that use Kaspersky Lab software in their operations to help them find alternatives. The official said he would not name the specific actions Kaspersky Lab took that led to today's decision. (The Commerce Department asked reporters not to reveal the official's name.)
The ban announced Thursday marks the latest tightening in a long line of U.S. government measures against Moscow-based Kaspersky.
In September 2017, the Trump administration banned U.S. federal government agencies from using Kaspersky Lab software, citing concerns that the company could be compelled to cooperate with Russian intelligence. Earlier that year, Russian government hackers reportedly stole classified U.S. documents stored on an intelligence contractor's home computer because Kaspersky Lab antivirus software was running on it, marking the first known case of espionage resulting from the use of the company's software.
The decision to ban Kaspersky had been under consideration since last year, The Wall Street Journal reported in April 2023.
Kaspersky Lab says it has more than 400 million consumer and 240,000 corporate customers worldwide. A senior executive declined to say how many U.S. clients Kaspersky Lab has but said the number is significant, including critical infrastructure organizations and state and local government agencies.