Kaspersky Lab, a Russian-based antivirus and cybersecurity company, has received two rounds of sanctions from the U.S. government. Kaspersky Antivirus products have been banned from sale in the U.S., with users having 100 days to find a functioning replacement before all functionality is ended.
Fearing connections with the Russian government, the United States Department of Commerce’s Bureau of Industry and Security (BIS) issued the first sanctions on Kaspersky on Thursday, issuing a Final Determination banning Kaspersky from providing antivirus or cybersecurity solutions to anyone in the United States. The sweeping ban was the first of its kind issued by the BIS after expanded powers were granted by the last two presidents of the United States.
The U.S. also placed Kaspersky Lab and its U.K. holding company on the Entity List, cutting them off from any U.S. trade entirely. The next day, twelve members of Kaspersky Lab’s board of executives and leadership were individually sanctioned, with most of Kaspersky Lab’s C-suite receiving individual punishment for their association with Kaspersky and suspected association with the Russian government. CEO and founder Eugene Kaspersky was excluded from this round of sanctions.
The United States government claims Kaspersky’s operation in the U.S. is a significant privacy risk due to Kaspersky’s operations in Russia, the site of its world headquarters. “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information,” said Commerce Secretary Gina Raimondo. “We will continue to use every tool at our disposal to safeguard U.S. national security and the American people.” Under Secretary for Industry and Security Alan Estevez added, “With today’s action, the American cyber ecosystem is safer and more secure than it was yesterday.”
Kaspersky’s comments on the sanctions read as disappointed. “Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services,” Kaspersky claims it offered several alternative solutions, including a verified third party to verify the safety of Kaspersky programs independently, but these solutions were denied.
Kaspersky is also well-known for its industry-leading malware research, which has stopped or slowed countless major security exploits, including the ShrinkLocker exploit Kaspersky found in May. The sanctions will impact its ability to provide the exact security solutions to U.S. citizens. “Kaspersky has implemented significant transparency measures unmatched by any of its cybersecurity industry peers to demonstrate its enduring commitment to integrity and trustworthiness. The Department of Commerce’s decision unfairly ignores the evidence. The primary impact of these measures will be the benefit they provide to cybercrime.”
Kaspersky’s total U.S. ban was not surprising. Kaspersky software has not been allowed on government computers since 2017, and the full-scale ban follows the Department of Commerce’s aggressive stance against potential threat vectors. It is important to note that the Commerce Department’s final determination, sanction listing, and other communications do not list any evidence of any malicious action ever taken by Kaspersky. However, sources close to the matter claim Kaspersky Lab’s Russian backdoors are an “open secret,” with a Commerce Department official speaking anonymously, saying, “We certainly believe that it’s more than just a theoretical threat that we described.”
