Kaspersky
Image: Eugene Kaspersky / Flickr / CC BY-NC-SA 2.0

US to ban Kaspersky Lab software nationwide later this year

Editor's Note: Story updated 6:30 p.m. Eastern U.S. time with statement from Kaspersky.

The Biden administration announced on Thursday it would ban the use of software from Russian cybersecurity firm Kaspersky Lab within the U.S., citing long-standing national security and data privacy concerns and a push to better protect critical infrastructure.

“The truth of the matter is, when Americans have software from companies owned or controlled by countries of concern, such as Russia, such as China, integrated into their systems, it makes all Americans vulnerable,” Commerce Secretary Gina Raimondo said during a conference call with reporters.

The first-of-its-kind prohibition will begin September 29 and effectively bar the Moscow-based antivirus firm from providing cybersecurity services anywhere in the country. Existing customers will also not be able to update Kaspersky software after that date.

The company will not be able to sign up any new clients after July 20. Kaspersky said in a written statement that it "intends to pursue all legally available options to preserve its current operations and relationships."

The Commerce Department also will add Kaspersky Lab, Russia-based Kaspersky Group and Kaspersky Lab Limited, a United Kingdom branch, to its entity list for cooperating with the Kremlin to support the government’s cyber intelligence. Namesake founder and CEO Eugene Kaspersky was one of the first major players in the antivirus industry in the 1990s.

Raimondo said the moves were made after an “extremely thorough investigation” using authorities the department was granted in 2019 to better safeguard domestic information and communication technologies and services supply chains from threats posed by foreign adversaries. 

“While we've been exploring every option at our disposal, we ultimately decided that given the Russian government's continued offensive cyber capabilities and capacity to influence Kaspersky's operations that we have to take the significant measure of a full prohibition if we're going to protect Americans and their personal data,” she said.


Eugene Kaspersky at a company event in 2019. Image: Eugene Kaspersky / Flickr / CC BY-NC-SA 2.0

Kaspersky Lab repeatedly has denied that it has ties to any government and has said it would not help a government with cyber-espionage.

"Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services," the company said. "Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies."

Similar protests did not stop former President Donald Trump from signing legislation in 2017 that banned the company from civilian government agencies. That action led the U.S. relationship with the firm to deteriorate, and it has only worsened since Russia’s unprovoked invasion of Ukraine in 2022. Early that year, the Federal Communications Commission also added the company to its official list of businesses that pose a national security threat to the U.S.

A senior Commerce official said authorities “generally know” that the Russian government “uses whatever resources available to perpetrate various malicious cyber activities.” While the department’s final determination does not cite specific instances where the company has been leaned on, “we certainly believe that it's more than just a theoretical threat that we described.”

“We fully believe that the Russian government is either now using Kaspersky or certainly would be willing to use Kaspersky,” according to the official, who spoke on the condition of anonymity.

While the exact number of the company’s U.S. customers is currently confidential, Kaspersky has claimed that more than 400 million people and 240,000 companies worldwide use its software products.

The Commerce official said the department, as well as law enforcement and the intelligence community, will monitor the software upgrade ban and pursue civil or criminal enforcement actions if necessary.

The department and the Cybersecurity and Infrastructure Security Agency (CISA) will also perform “significant outreach” to critical infrastructure operators that use the antivirus software to describe the risks involved and detail potential alternatives.

The official also downplayed the chances of Russia striking back against the U.S. over the ban.

“Given that there have been a number of actions taken against Kaspersky over the years, we don't anticipate a significant response from Russia,” the official told reporters. “But we're certainly on guard and prepared for any sort of retaliation.”

Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.