Kaspersky's Sudden Exit: UltraAV Takes Over U.S. Customer Base
In a surprising turn of events, Kaspersky, the renowned Russian cybersecurity company, has abruptly ceased its operations in the United States, leaving customers bewildered and concerned. On Thursday, September 19, 2024, Kaspersky's anti-malware software began deleting itself from customers' computers across the U.S., automatically replacing it with UltraAV's antivirus solution[1].
Background
The sudden transition comes in the wake of significant political developments. In June 2024, the U.S. government added Kaspersky to its Entity List, effectively labeling it a national security concern[1]. This move was followed by a Biden administration announcement on June 20, banning sales and software updates for Kaspersky antivirus software in the United States, with the ban set to take effect on September 29, 2024[1].
The Transition
Kaspersky had previously informed BleepingComputer in July about its plans to close its U.S. business and lay off staff starting July 20[1]. The company also sent emails to customers in early September, assuring them of continued "reliable cybersecurity protection" through UltraAV, owned by Pango Group[1]. However, these communications failed to mention the impending automatic deletion and replacement of Kaspersky's software[1].
Customer Reactions
The abrupt change left many users in shock and confusion. Numerous reports flooded online forums, including BleepingComputer's, with customers expressing concern about potential malware infections[1]. One user described waking up to find "this new antivirus system" on their desktop, unable to access Kaspersky, which had vanished[1].
UltraAV and Pango Group
UltraAV, the replacement software, is part of Pango Group, a company that oversees multiple VPN brands such as Hotspot Shield, UltraVPN, and Betternet[1]. Some users reported finding UltraVPN installed alongside UltraAV, likely due to existing Kaspersky VPN subscriptions[1].
Ongoing Concerns
The transition has not been without issues. While some users could uninstall UltraAV using its built-in uninstaller, others found the software reinstalling itself after a reboot when removed using third-party uninstall applications[1]. This behavior further fueled concerns about potential malware infection among affected users[1].
What exactly happened when Kaspersky deleted itself and installed UltraAV antivirus
On September 19, 2024, Kaspersky abruptly deleted its antivirus software from customers' computers across the United States and automatically installed UltraAV's antivirus solution without explicit user consent or prior notification[1][7]. This sudden transition occurred as a result of several key events:
- In June 2024, the U.S. government added Kaspersky to its Entity List, labeling it a national security concern[7].
- The Biden administration announced a ban on sales and software updates for Kaspersky antivirus software in the U.S., effective September 29, 2024[7].
- In response, Kaspersky decided to shut down its U.S. operations and lay off U.S.-based employees[7].
- Kaspersky partnered with UltraAV, owned by Pango Group, to provide continued protection for its U.S. customers[3].
The transition process unfolded as follows:
- Kaspersky sent emails to customers in early September, mentioning continued protection through UltraAV but failing to specify the exact timing or automatic nature of the switch[1].
- On September 19, Kaspersky pushed a software update that initiated the transition to UltraAV[4].
- The update caused Kaspersky's software to delete itself from users' systems and automatically install UltraAV[7].
- In some cases, UltraVPN was also installed, likely for users with existing Kaspersky VPN subscriptions[3].
Many users were caught off guard by this sudden change:
- Some initially feared their systems had been infected with malware[3].
- Users reported difficulties in uninstalling UltraAV, with the software reinstalling itself after reboots in some cases[1].
- The lack of clear communication and user consent caused frustration and confusion among affected customers[1].
Kaspersky has stated that this transition was intended to ensure continued protection for U.S. customers after its exit from the market[4]. However, the abrupt nature of the change and the lack of explicit user consent have raised concerns among users and cybersecurity experts alike.
Official Statements
Kaspersky has released an official statement on its forums, explaining that the partnership with UltraAV aims to "ensure continued protection for US-based customers"[1]. The company claims that UltraAV offers a similar feature set to its products and directs customers to a FAQ page on UltraAV's website for more information[1].
As this situation continues to unfold, U.S. customers of Kaspersky are left to navigate this unexpected transition. The incident raises important questions about data privacy, user consent, and the broader implications of geopolitical tensions on the cybersecurity landscape.
Who Is UltraAV and Pango Group
UltraAV is an antivirus and malware removal service that is part of the Pango Group's portfolio of digital consumer security solutions. Here's some background on UltraAV and Pango Group:
Pango Group
Pango Group is a leading provider of digital consumer security solutions. The company offers a range of products designed to keep customers safe online, including antivirus software, VPNs, and identity protection services. Some key facts about Pango Group include:
- It has been protecting customers online for 20 years
- The company claims to have over 650 million lifetime users
- Pango Group reports 25+ million monthly active users across its various brands
UltraAV
UltraAV is one of the security products offered by Pango Group. It provides antivirus and malware protection for Windows and Mac devices. Some features of UltraAV include:
- Protection against various types of malware, including viruses, worms, spyware, adware, trojans, and ransomware
- Zero Day Threat Detection using heuristics and AI/ML to identify new malware threats
- Multi-functional Active Protection that scans new processes initiated by the operating system
- Network Attack Protection to block network malware and ransomware
- USB Drive Protection to prevent malicious programs from executing via USB drives
- Application Control for managing access to specific programs
Relationship to Kaspersky
UltraAV gained significant attention when it became the replacement for Kaspersky antivirus software for U.S. customers. This transition occurred due to U.S. government restrictions on Kaspersky products. While UltraAV offers similar features to Kaspersky, it lacks some specific functionalities such as webcam protection and online payment protection.
Other Pango Group Brands
In addition to UltraAV, Pango Group owns and operates several other well-known cybersecurity brands:
- UltraVPN
- Identity Defense
- Hotspot Shield
- Betternet
- VPN360
- OVPN
The company emphasizes its commitment to privacy and security, noting that UltraVPN (one of its products) is based in Panama, which is outside the Five Eyes and Fourteen Eyes Alliance, potentially offering enhanced privacy protections.
Citations:
[1] https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
[1] https://www.pcmag.com/news/kaspersky-antivirus-abruptly-replaced-with-ultraav-in-the-us-angering-users
[2] https://www.cnet.com/tech/services-and-software/kaspersky-antivirus-software-automatically-transitions-to-ultraav-for-us-subscribers/
[3] https://www.techzine.eu/news/security/124702/kaspersky-removes-itself-and-installs-ultraav-without-permission/
[4] https://www.it-daily.net/en/shortnews-en/kaspersky-replaced-overnight-by-ultraav-users-taken-by-surprise
[5] https://www.pcmag.com/news/kaspersky-antivirus-replaced-by-ultraav-heres-why-and-what-you-can-do
[6] https://www.reddit.com/r/antivirus/comments/1fkr0sf/kaspersky_deleted_itself_and_installed_ultraav/
[8] https://forum.kaspersky.com/topic/ultraav-software-no-notification-automatically-installs-and-cant-remove-it-50628/?page=2