Cybersecurity

Kaspersky offers US clients six months of free antivirus updates as it exits the country

After facing Treasury and Commerce Department sanctions, Kaspersky is done doing business stateside.
article cover

Anadolu/Getty Images

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Facing US government sanctions, Russia-based cybersecurity firm Kaspersky will begin terminating its US business, and is offering existing customers six months of free service on its way out.

The Treasury Department’s Office of Foreign Assets Control (OFAC) froze assets belonging to a dozen Kaspersky executives on June 21, and the Commerce Department’s Bureau of Industry and Security (BIS) added three Kaspersky businesses to its Entity List the same week. The US government considers entities on that list to be associated with hostile foreign adversaries, and generally prohibits US businesses and individuals from doing direct or indirect business with them.

Finally, BIS issued an order that will prohibit Kaspersky from selling software in the US as of July 20, or distributing updates to existing US customers after September 29. The order effectively means Kaspersky won’t be able to push software updates and malware signatures to US users’ software after the latter date.

The order doesn’t prohibit US users from manually downloading and/or installing these updates themselves, or continuing to use outdated Kaspersky software, as long as no business transaction is involved. Hence, the six months of free updates wouldn’t constitute a sanctions violation.

The Biden administration issued the ban after concluding the Russian government might pressure the cybersecurity firm into abusing its access to US computer systems. Kaspersky has denied it would ever do so, and suggested it’s facing sanctions in large part due to the Russian military invasion of Ukraine.

In a statement shared with IT Brew by Kaspersky spokesperson Sawyer VanHorn, the company said it had “made this sad and difficult decision as business opportunities in the country are no longer viable.”

“Despite proposing a system in which the security of Kaspersky products could have been independently verified by a trusted third party, Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services,” the statement continued.

Kaspersky noted that the sanctions don’t apply to US sales of training or cyber threat intelligence, although it stated it would “gradually wind down its US operations and eliminate US-based positions” beginning on July 20.

While the European Parliament hasn’t issued similar restrictions on the company, a 2023 report issued by its special committee on foreign interference and disinformation name-dropped Kaspersky as one of several Russia- or China-based firms that should be barred from use in sensitive sectors. However, OFAC designations apply to foreign firms with US touchpoints, meaning many European firms may be forced to sever ties with Kaspersky as well.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.