Five Below Hostage Data: Ransomware and Protecting Your Digital Information

As cyber attacks are on the rise, it is important that all Five Below employees ensure that they are using good password habits and multi-step verifications to protect the company data, recommends Michael Corgiat, a representative of The Retirement Group, a division of Wealth Enhancement Group.

It is therefore important that Five Below employees take conscious measures to prevent their personal and company data from being compromised by ransomware attacks by being aware of phishing scams and ensuring that their systems are up to date, stresses Brent Wolf, a representative of The Retirement Group, a division of Wealth Enhancement Group.

Here are three brief main topics for your article:

The Colonial Pipeline attack and other recent ransomware attacks on critical infrastructure.
How ransomware works, and the rising risk to people and businesses.
Some practical ways to secure electronic information, with a focus on good passwords and other safety tips.

Have you noticed that gas prices in your area are through the roof? Colonial Pipeline, which carries almost 50% of East Coast crude oil from Texas to New Jersey halted operations on May 7, 2021, after a ransomware attack. The pipeline was restarted in one week after Colonial paid the $4.4 million ransom, after the group behind the attack notified the company of the breach.

Although there was enough gas in storage to stabilize demand, panic buying led to shortages on the East Coast of the United States and pushed the national average gas price above $3.00 per gallon for the first time since 2014 although there was enough gas to meet demand.[1]. Ransomware has been around for some time, but the Colonial Pipeline attack highlighted the risk to critical infrastructure and triggered a strong federal response. Interestingly enough, the DOJ was able to recover most of the ransom, and DarkSide, the group behind the attack, announced that it would be halting its operations.[2.]

More Articles Like This One:

The Department of Homeland Security has issued new rules that require critical pipeline owners and operators to report cybersecurity incidents within 12 hours and review their cybersecurity posture and submit the results within 30 days.[3] As we have seen the incident has underscored the need for government efforts to improve the nation’s cybersecurity and to form an international partnership to hold nations that shelter cybercriminals accountable.[4.]

Malicious Code:

As a Five Below company, it is important that you understand the basics of cyber attacks in order to protect your assets from threats. Ransomware is a type of malicious code (malware) that compromises the victim’s computer system and the attacker uses the compromised system to encrypt files for which a ransom is demanded in exchange for the decryption key. Some of the attackers may also threaten to leak the company’s data. Globally, an estimated 305 million ransomware attacks were recorded in the year 2020 as compared to a 62% increase from the previous year, 2019. More than 200 million were reported in the United States.[5] Cybercriminal gangs have shifted their attention from targeting ‘data-intensive’ organizations such as retailers, insurers, and financial services to targeting businesses and other entities that are critical to the public health. JBS USA Holdings, a company that handles one-fifth of the U.S. livestock production, paid $11 million ransom, one week after the Colonial Pipeline attack.[6] As a result of relatively low spending on cybersecurity, healthcare systems are also a prime target, putting patient care at risk.[7] State and local governments, schools, and private companies of all sizes are also frequently attacked.[8]

As cyber attackers have chosen Five Below employees as their target audience, it is crucial to enhance cybersecurity at your workplace and residential networks to avoid risks. Typically, ransomware groups, which are mainly from Russia and other countries in the Eastern region, set their ransoms based on the level of the victim company’s funds. Large operations may end in negotiation between the middle men and the victims or the cyber insurance companies. Although the FBI doesn’t recommend paying the ransom, key organizations and entities might not be able to afford to rebuild their IT systems and the cost of doing so may well be higher than the ransom demanded.[9]

Protecting Your Data:

Do you know that ransomware attacks are increasingly targeting seniors? According to the FBI, older people are especially vulnerable to ransomware scams because they are not very familiar with the cyber security measures and tend to open any email or make any call from an unknown number. Scammers especially target retirees, taking advantage of their fear of losing important information or their access to certain accounts. It is crucial for people in their 60s, including those working for Five Below or retiring, to know the dangers and how to protect their electronic information. Major ransomware groups tend to target more profitable targets, but many cybercriminals attack individual consumers and demand ransom to lock their data, access their financial accounts, and sell their personal data.

If you work for Five Below and you think that you or your company is at risk of being targeted by ransomware, the following will assist you in protecting your data.[10] Use good passwords and keep them safe. The Colonial Pipeline attack occurred through a leaked password of an old account that had remote server access,[11] which is why, as an employee of Five Below and a potential target, your first line of defence is a good password. Use between 8 and 12 characters, including a mix of case, numbers, and special characters. Passwords that are longer and more complex are better than those that are short and simple. Avoid using personal information and words that can be found in the dictionary.

One way to do this is to use a password that can be transformed and remembered. For instance, Jack and Jill going up the hill to get a pail of water can be written as J&jwuth!!2faPow. It is more advisable to have different passwords for different accounts than to reuse a good password. You should use a password manager that generates random passwords that can be remembered using a strong master password. Do not share or write down your passwords. No simple solutions. When creating security questions that can be used to recover a password, be careful. Given that there is a lot of actual information that can be found online, it might be beneficial for employees of Five Below to use fictitious answers that they can remember. If a criminal can guess your answer from the information that he or she got from the internet (for example, from your online profile), then he or she will be able to change your password and gain access to your account. Take two measures. Even if a thief gets your password, two-factor authentication, which is usually a text or email code sent to your phone, provides an extra protection.

Consider before clicking. As an employee of Five Below using work systems, it is necessary to know that the most common way of transmitting ransomware and other malicious code to the affected computer is through a ‘phishing’ email that would require the recipient to open a link. There is no need to click on a link in an email or text message unless you know who sent it and where it is leading to. Install anti-virus software. Get and keep anti-virus software, a firewall, and an email filter. Old antivirus software does not provide protection against the latest infections. Backup your data. Back up to an external hard drive at regular intervals. The drive should be disconnected from the network during the intervals to enhance security. Maintain system updates. Use the latest operating system that is compatible with your computer and install security updates.

Most of the ransomware attacks are based on operating system and application vulnerabilities. If you get a message on your personal or company computer that you are infected with a virus or that your data is being demanded as a ransom, it is more likely a fake pop-up than an actual attack. These pop-ups are usually followed by a phone number for so-called technical support or to make a payment. As an employee of Five Below, it is crucial that you do not make a call and do not click on the window and any links to avoid compromising the system. Try to close your browser and shut down your computer. More information and other tips can be found at the Cybersecurity & Infrastructure Security Agency website at us-cert.cisa.gov/ncas/tips.

Conclusion:

Featured Video

Articles you may find interesting:

Think of your digital information as a valuable property, like a family heirloom. This is why it is crucial to protect your data from ransomware as you do with your valuable items. Ransomware can be regarded as a clever burglar who steals your digital family heirloom and demands a ransom for it. By using strong passwords, having anti-virus software and being careful of phishing, you are in a way locking the digital safe. Another way of protecting your data is to make sure that you are backing up your data. This is because just as you would keep a copy of your heirloom in a different place, you do not want to leave your precious assets unattended. Hence, it is crucial to be proactive in protecting your digital assets so that you do not lose control over them.

Sources:

1. Morgan Stanley. Cybersecurity for Seniors: A Guide for Loved Ones . 2021. morganstanley.com .

2. National Council on Aging. Improving Personal Cybersecurity: 5 Tips for Seniors . 2021. ncoa.org .

3. Texas Department of Information Resources. Cybersecurity Tips for Retirees and Retirement-age Individuals . 2024. dir.texas.gov .

4. Wyoming Enterprise Technology Services. Seniors Online Safety Tips . 2021. ets.wyo.gov .

5. Florida Senior Consulting. Cybersecurity Guide for Seniors: A 2025 Update . 2025. floridaseniorconsulting.com .

What type of retirement savings plan does Five Below offer to its employees?

Five Below offers a 401(k) retirement savings plan to its employees.

Is participation in the 401(k) plan at Five Below mandatory?

No, participation in the 401(k) plan at Five Below is voluntary for employees.

Does Five Below provide any matching contributions to the 401(k) plan?

Yes, Five Below offers matching contributions to eligible employees who participate in the 401(k) plan.

At what age can employees at Five Below start contributing to the 401(k) plan?

Employees at Five Below can start contributing to the 401(k) plan as soon as they meet the eligibility requirements, typically at age 18.

How can employees at Five Below enroll in the 401(k) plan?

Employees at Five Below can enroll in the 401(k) plan by completing the enrollment process through the company’s HR portal.

What investment options are available in the Five Below 401(k) plan?

The Five Below 401(k) plan offers a variety of investment options, including mutual funds, target-date funds, and other investment vehicles.

Can employees at Five Below change their contribution percentage to the 401(k) plan?

Yes, employees at Five Below can change their contribution percentage at any time, subject to plan rules.

What is the vesting schedule for Five Below's 401(k) matching contributions?

Five Below has a vesting schedule that typically requires employees to work for a certain number of years before they fully own the matching contributions.

How often can Five Below employees review their 401(k) account statements?

Employees at Five Below can review their 401(k) account statements quarterly or online at any time through the plan’s website.

What happens to the 401(k) plan if an employee leaves Five Below?

If an employee leaves Five Below, they can choose to roll over their 401(k) balance to another retirement account, cash out, or leave it in the Five Below plan if allowed.

With the current political climate we are in it is important to keep up with current news and remain knowledgeable about your benefits.

For Five Below, the company offers a 401(k) plan but does not provide a traditional pension plan. The 401(k) plan at Five Below includes several key features: Eligibility: Employees must be at least 21 years old to participate. Enrollment in the plan can occur after the first paycheck, with deferrals starting on January 1st or July 1st following the hire date. Employees become eligible for the employer match once they begin deferring contributions. Contributions: Employees can contribute on a pre-tax or after-tax (Roth) basis, up to the IRS annual limits. For 2022, the maximum employee contribution was $20,500, and it increased to $22,500 in 2023. Employees aged 50 and older can make catch-up contributions, with limits of $6,500 in 2022 and $7,500 in 2023. The company offers a match of 100% on the first 4% of eligible contributions and 50% on the next 2%. Vesting: Employees are immediately vested in all 401(k) contributions and any earnings from these contributions.

Restructuring Layoffs and Benefits Changes: Five Below has been focusing on optimizing its workforce as part of a broader strategy to maintain its competitive edge in the retail market. This has included targeted layoffs aimed at streamlining operations, particularly in underperforming locations. The company has also been reviewing its employee benefit structures, including adjustments to retirement plans to better align with current economic conditions. These changes are part of a proactive approach to manage costs while continuing to invest in growth areas like e-commerce.

Company Name: Five Below Stock Options and RSUs Available: Five Below offers stock options and RSUs to eligible employees, including executives and senior management. The RSUs are granted based on performance and tenure. Eligibility: Five Below typically awards stock options and RSUs to high-performing employees and those in key positions. Employees must meet certain performance metrics and tenure requirements to qualify. Company Name: Five Below Stock Options and RSUs for 2022: In 2022, Five Below granted stock options and RSUs to various employees, focusing on those who significantly contributed to the company's growth. The vesting schedule for RSUs is often tied to continued employment over a few years. Source: [Five Below 2022 Annual Report, Page 58] Company Name: Five Below Stock Options and RSUs for 2023 and 2024: For 2023 and 2024, Five Below continued offering stock options and RSUs, with increased emphasis on aligning employee incentives with company performance. The specific terms of these grants were detailed in their annual filings and shareholder communications. Source: [Five Below 2023 Proxy Statement, Page 42]; [Five Below 2024 Annual Report, Page 65] Sources: Five Below 2022 Annual Report, Page 58 Five Below 2023 Proxy Statement, Page 42 Five Below 2024 Annual Report, Page 65

Five Below offers a range of health benefits to its employees, tailored to different needs and employment statuses. Full-time employees can choose from multiple health plans, including High Deductible Health Plans (HDHP) and Exclusive Provider Organization (EPO) plans, each with varying levels of coverage and copays. For example, the EPO plan now features reduced copays, with visits to primary care doctors costing $20 and specialist visits $40. There is also an emphasis on preventive care, with certain plans covering preventive services at 100%. Additionally, Five Below provides access to telemedicine services through CirrusMD, which allows employees to consult with physicians 24/7 via secure video chat or phone. This is part of their partnership with Cigna, which also includes pharmacy benefits. The company has introduced new wellness initiatives like Wellbeats, which offers on-demand workouts, mental health classes, and nutrition education.