The US government has announced it will ban local sales of antivirus software created by Russian-based company Kaspersky, claiming Moscow’s influence over the organisation poses "a national security risk”.
The broad restriction (using powers created by the former Trump administration) will see new inbound sales of Kaspersky Lab cyber security products and services banned in the US from 20 July, while existing customers will receive software updates until 29 September.
Other Kaspersky affiliates and subsidiaries were also banned “for their cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives”, the US Department of Commerce's Bureau of Industry and Security (BIS) said in a statement.
BIS claimed the Russian government’s influence on Kaspersky “could not be addressed through mitigation measures short of a total prohibition”.
It said Kaspersky posed an unacceptable risk to US security due to its “access to sensitive US customer information" which could be sent to Russia and its ability to “install malicious software and withhold critical updates”.
It also found Kaspersky software was often unwittingly installed through integration in third-party products.
US secretary of commerce, Gina Raimondo, said the Biden administration was committed to “out-innovate our adversaries”.
“Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponise sensitive US information, and we will continue to use every tool at our disposal to safeguard US national security and the American people,” she said.
The US government said Kaspersky already had contracts with large American customers such as state and local governments and critical infrastructure suppliers.
The US Department of Homeland Security banned Kaspersky-branded products on federal information systems in 2017.
Americans already using Kaspersky products were not in violation of any laws, but have been encouraged to remove the products from their devices and switch to alternatives.
The US says Kaspersky poses an unaccepted risk to its national security. Photo: Shutterstock
Ban 'ignores evidence', Kaspersky says
Kaspersky said it did not engage in activities which threatened US national security, and believed the US “made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services”.
The Biden administration’s ban comes as the US government begins to run low on fresh sanctions it can impose on Russia, which has regained some momentum in its invasion of Ukraine.
The Reuters news agency reported that the US government privately warned some American companies the day after Russia invaded Ukraine in February 2022 that Moscow could manipulate software designed by Kaspersky.
The company said it intended to “pursue all legally available options to preserve its current operations and relationships", in wake of its widespread ban.
“Kaspersky has implemented significant transparency measures that are unmatched by any of its cyber security industry peers to demonstrate its enduring commitment to integrity and trustworthiness,” it said in a statement.
“The Department of Commerce’s decision unfairly ignores the evidence.”
Kaspersky claimed the US ban would assist cyber criminals, as it would make international cooperation between cyber security experts more difficult.
The company said it would also take away consumers’ choice, and was an attempt to “unfairly harm our reputation and commercial interests”.
Kaspersky still operates in Australia and has an office in Melbourne.
The company was founded in Moscow in 1997 and is operated by a holding company in the United Kingdom.
Kaspersky says it has over 220,000 corporate clients and more than 400 million users globally.
In 2023 it was revealed dozens of Kaspersky staff had fallen victim to a malware campaign against iPhones.
