Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20.
In a statement to BleepingComputer, the company also confirmed that it will lay off its U.S.-based employees. Independent cybersecurity journalist Kim Zetter first reported that this will affect "less than 50 employees in the U.S."
This comes after the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned twelve Kaspersky Lab executives on June 21 for operating in Russia's technology sector, freezing their U.S. assets and preventing access to them until the sanctions are lifted.
The Department of Commerce also designated AO Kaspersky Lab, OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom) to its Entity List, preventing any U.S. business from conducting business with them.
"Today's Final Determination and Entity Listing are the result of a lengthy and thorough investigation, which found that the company's continued operations in the United States presented a national security risk—due to the Russian Government's offensive cyber capabilities and capacity to influence or direct Kaspersky's operations—that could not be addressed through mitigation measures short of a total prohibition," the Bureau of Industry & Security said.
"Any individual or business that continues to use Kaspersky products and services assumes all the cybersecurity and associated risks of doing so."
One day earlier, the Department of Commerce's Bureau of Industry and Security (BIS) also banned the company from selling its software and delivering Kaspersky antivirus updates, effective September 29, over potential cybersecurity risks to national security.
Kaspersky told BleepingComputer on Monday that it would completely shut down its business in the United States because the Biden administration's decisions would make the operations "no longer viable."
"Starting from July 20, 2024 Kaspersky will gradually wind down its U.S. operations and eliminate U.S.-based positions,"Kaspersky told BleepingComputer.
"The decision and process follows the Final Determination by the U.S. Department of Commerce, prohibiting the sales and distribution of Kaspersky products in the U.S.
"The company has carefully examined and evaluated the impact of the U.S. legal requirements and made this sad and difficult decision as business opportunities in the country are no longer viable."
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
kingmustard - 1 year ago
End of an era, really.
h_b_s - 1 year ago
Unfortunate. Eugene Kaspersky and his company have done a great deal of good for global computer security regardless of where the threat originated.
ZeroYourHero - 1 year ago
I wonder if Russia is contemplating banning US software.
Magissia - 1 year ago
"I wonder if Russia is contemplating banning US software. "
AFAIK yes.
johnlsenchak - 1 year ago
Why doesn't Kaspersky just move all it's operations to the United States ?
Magissia - 1 year ago
@johnlsenchak I would stop using their product due to the US gov offensive cyber capabilities and capacity to influence or direct Kaspersky's operations—that could not be addressed through mitigation measures short of a total prohibition.
Magissia - 1 year ago
Do the US gov have any proofs of such threat to share or did they pulled it out of their magic hats?
GT500 - 1 year ago
When they originally started limiting Kaspersky's ability to do business with the U.S. government, they listed their reasons why they believed Kaspersky was being influenced by and giving information to Russian intelligence agencies (I would believe it involved certain individuals at high levels in the company who were known to be affiliated with one of Russia's intelligence agencies). As for actual proof, I do not recall them ever actually releasing any, however that is not a surprise as they would almost certain consider it a breach of national security to do so (releasing the evidence might reveal too much about their intelligence gathering operations in Russia).
Considering the war in Ukraine, I would not be surprised if the European Union also restricted Kaspersky's ability to do business within their borders.
NoneRain - 1 year ago
Agree with GT500.
captobvi - 1 year ago
Is working with Russian government on military drone tech proof enough? https://www.theregister.com/2024/05/03/kaspersky_russia_military_drone_claims/
Magissia - 1 year ago
"Is working with Russian government on military drone tech proof enough? https://www.theregister.com/2024/05/03/kaspersky_russia_military_drone_claims/"
No, claims aren't proofs. Show the evidence.
h_b_s - 1 year ago
Regardless of intent, anti-malware of any stripe can be a source of confidential information leak. Not all malware scanners have the option to disable the upload of unknown, new variant, or other suspect files back to the vendor for analysis. Even if they do have the option, most people, including most corporate IT staff, never adjust the defaults. This applies to any anti-malware of any origin.
It's unfortunate that a company of Kaspersky's reputation is getting hung out to dry in the brutal calculus of Us vs. Them geopolitics, but no government generally needs the sort of proof one could take to their courts to ban products for reasons of their national security. It's enough to state a plausible, or sometimes implausible, case.
Russia is doing the same thing, they've banned the use of iPhones by their government employees and officials, and will likely ban Apple products in general at some point. In this case, because Apple won't play Putin's surveillance game. This isn't nobility on Apple's part. Russia doesn't have nearly a billion potential customers, unlike the PRC where they are mostly complying with surveillance laws.
IAmJeeves - 1 year ago
All this fallout because a three letter US agency dev who was building malware forgot to turn his EDR off and the signature made it out into the open.
Kaspersky's only crime here was developing a very good product.
captobvi - 1 year ago
The malware story happened almost 10 years ago. The most recent one was involvement with military drones tech and government contracts in general. Any antivirus software is a potential backdoor and the temptation for an autocratic government is too big to risk. https://www.theregister.com/2024/05/03/kaspersky_russia_military_drone_claims/
NoneRain - 1 year ago
Nope. That was indeed a strange case, but this ban is not directly related to that.
h_b_s - 1 year ago
I've seen the suggestions that Kaspersky was implicated in the Eternal Blue breach/release, but I've never seen any actual proof that it was anything other than the hacker collective Shadow Brothers that are the real culprits. There's no public proof that the Shadow Brothers are linked to the Russian government, either. There's no way to know what intelligence agencies know about Shadow Brokers.
Even if Kaspersky did at some point spill the beans on the Eternal Blue tools, that is their job.
megakotaro - 1 year ago
NSA can do whatever they want.
NotTechie2 - 1 year ago
I really don't know what I am going to use. They have app lock, a great PW Manager that works on apps, secure document storage, and so much more. Any ideas? I use Android and Windows 11.
serghei - 1 year ago
You should be OK with Google Play Protect and Microsoft Defender, they’re both very good these days.
As long as you’re not installing shady apps or cracked software and paying attention on what links you click/website you visit :)
Kescarte_DeJudica - 1 year ago
Google Play Protect is garbage and should be disabled immediately.
Windows Security is actually an excellent antivirus in the modern era, and Bitwarden is a great password manager that can wync between all your devices just like Kaspersky.
Unfortunately, I can't really recommend anything for "secure document storage" mostly just because I don't really know what that means in this case.
If you're talking about like an encrypted cloud storage drive, Mega is good for that, and the free plan allows up to 20 GB.
opera - 1 year ago
See here
https://malwaretips.com/threads/kaspersky-products-free-for-six-months-usa-ip-only.132058/#post-1093564
wpontius - 1 year ago
Just a C-5 Galaxy load of Cold War paranoia, inuendo, rhetoric and rumors. I would like to see some evidence!!