Philip Morris International Hostage Data: Ransomware and Protecting Your Digital Information

As cyber attacks are on the rise, it is important that all Philip Morris International employees ensure that they are using good password habits and multi-step verifications to protect the company data, recommends Michael Corgiat, a representative of The Retirement Group, a division of Wealth Enhancement Group.

It is therefore important that Philip Morris International employees take conscious measures to prevent their personal and company data from being compromised by ransomware attacks by being aware of phishing scams and ensuring that their systems are up to date, stresses Brent Wolf, a representative of The Retirement Group, a division of Wealth Enhancement Group.

Here are three brief main topics for your article:

The Colonial Pipeline attack and other recent ransomware attacks on critical infrastructure.
How ransomware works, and the rising risk to people and businesses.
Some practical ways to secure electronic information, with a focus on good passwords and other safety tips.

Have you noticed that gas prices in your area are through the roof? Colonial Pipeline, which carries almost 50% of East Coast crude oil from Texas to New Jersey halted operations on May 7, 2021, after a ransomware attack. The pipeline was restarted in one week after Colonial paid the $4.4 million ransom, after the group behind the attack notified the company of the breach.

Although there was enough gas in storage to stabilize demand, panic buying led to shortages on the East Coast of the United States and pushed the national average gas price above $3.00 per gallon for the first time since 2014 although there was enough gas to meet demand.[1]. Ransomware has been around for some time, but the Colonial Pipeline attack highlighted the risk to critical infrastructure and triggered a strong federal response. Interestingly enough, the DOJ was able to recover most of the ransom, and DarkSide, the group behind the attack, announced that it would be halting its operations.[2.]

More Articles Like This One:

The Department of Homeland Security has issued new rules that require critical pipeline owners and operators to report cybersecurity incidents within 12 hours and review their cybersecurity posture and submit the results within 30 days.[3] As we have seen the incident has underscored the need for government efforts to improve the nation’s cybersecurity and to form an international partnership to hold nations that shelter cybercriminals accountable.[4.]

Malicious Code:

As a Philip Morris International company, it is important that you understand the basics of cyber attacks in order to protect your assets from threats. Ransomware is a type of malicious code (malware) that compromises the victim’s computer system and the attacker uses the compromised system to encrypt files for which a ransom is demanded in exchange for the decryption key. Some of the attackers may also threaten to leak the company’s data. Globally, an estimated 305 million ransomware attacks were recorded in the year 2020 as compared to a 62% increase from the previous year, 2019. More than 200 million were reported in the United States.[5] Cybercriminal gangs have shifted their attention from targeting ‘data-intensive’ organizations such as retailers, insurers, and financial services to targeting businesses and other entities that are critical to the public health. JBS USA Holdings, a company that handles one-fifth of the U.S. livestock production, paid $11 million ransom, one week after the Colonial Pipeline attack.[6] As a result of relatively low spending on cybersecurity, healthcare systems are also a prime target, putting patient care at risk.[7] State and local governments, schools, and private companies of all sizes are also frequently attacked.[8]

As cyber attackers have chosen Philip Morris International employees as their target audience, it is crucial to enhance cybersecurity at your workplace and residential networks to avoid risks. Typically, ransomware groups, which are mainly from Russia and other countries in the Eastern region, set their ransoms based on the level of the victim company’s funds. Large operations may end in negotiation between the middle men and the victims or the cyber insurance companies. Although the FBI doesn’t recommend paying the ransom, key organizations and entities might not be able to afford to rebuild their IT systems and the cost of doing so may well be higher than the ransom demanded.[9]

Protecting Your Data:

Do you know that ransomware attacks are increasingly targeting seniors? According to the FBI, older people are especially vulnerable to ransomware scams because they are not very familiar with the cyber security measures and tend to open any email or make any call from an unknown number. Scammers especially target retirees, taking advantage of their fear of losing important information or their access to certain accounts. It is crucial for people in their 60s, including those working for Philip Morris International or retiring, to know the dangers and how to protect their electronic information. Major ransomware groups tend to target more profitable targets, but many cybercriminals attack individual consumers and demand ransom to lock their data, access their financial accounts, and sell their personal data.

If you work for Philip Morris International and you think that you or your company is at risk of being targeted by ransomware, the following will assist you in protecting your data.[10] Use good passwords and keep them safe. The Colonial Pipeline attack occurred through a leaked password of an old account that had remote server access,[11] which is why, as an employee of Philip Morris International and a potential target, your first line of defence is a good password. Use between 8 and 12 characters, including a mix of case, numbers, and special characters. Passwords that are longer and more complex are better than those that are short and simple. Avoid using personal information and words that can be found in the dictionary.

One way to do this is to use a password that can be transformed and remembered. For instance, Jack and Jill going up the hill to get a pail of water can be written as J&jwuth!!2faPow. It is more advisable to have different passwords for different accounts than to reuse a good password. You should use a password manager that generates random passwords that can be remembered using a strong master password. Do not share or write down your passwords. No simple solutions. When creating security questions that can be used to recover a password, be careful. Given that there is a lot of actual information that can be found online, it might be beneficial for employees of Philip Morris International to use fictitious answers that they can remember. If a criminal can guess your answer from the information that he or she got from the internet (for example, from your online profile), then he or she will be able to change your password and gain access to your account. Take two measures. Even if a thief gets your password, two-factor authentication, which is usually a text or email code sent to your phone, provides an extra protection.

Consider before clicking. As an employee of Philip Morris International using work systems, it is necessary to know that the most common way of transmitting ransomware and other malicious code to the affected computer is through a ‘phishing’ email that would require the recipient to open a link. There is no need to click on a link in an email or text message unless you know who sent it and where it is leading to. Install anti-virus software. Get and keep anti-virus software, a firewall, and an email filter. Old antivirus software does not provide protection against the latest infections. Backup your data. Back up to an external hard drive at regular intervals. The drive should be disconnected from the network during the intervals to enhance security. Maintain system updates. Use the latest operating system that is compatible with your computer and install security updates.

Most of the ransomware attacks are based on operating system and application vulnerabilities. If you get a message on your personal or company computer that you are infected with a virus or that your data is being demanded as a ransom, it is more likely a fake pop-up than an actual attack. These pop-ups are usually followed by a phone number for so-called technical support or to make a payment. As an employee of Philip Morris International, it is crucial that you do not make a call and do not click on the window and any links to avoid compromising the system. Try to close your browser and shut down your computer. More information and other tips can be found at the Cybersecurity & Infrastructure Security Agency website at us-cert.cisa.gov/ncas/tips.

Conclusion:

Featured Video

Articles you may find interesting:

Think of your digital information as a valuable property, like a family heirloom. This is why it is crucial to protect your data from ransomware as you do with your valuable items. Ransomware can be regarded as a clever burglar who steals your digital family heirloom and demands a ransom for it. By using strong passwords, having anti-virus software and being careful of phishing, you are in a way locking the digital safe. Another way of protecting your data is to make sure that you are backing up your data. This is because just as you would keep a copy of your heirloom in a different place, you do not want to leave your precious assets unattended. Hence, it is crucial to be proactive in protecting your digital assets so that you do not lose control over them.

Sources:

1. Morgan Stanley. Cybersecurity for Seniors: A Guide for Loved Ones . 2021. morganstanley.com .

2. National Council on Aging. Improving Personal Cybersecurity: 5 Tips for Seniors . 2021. ncoa.org .

3. Texas Department of Information Resources. Cybersecurity Tips for Retirees and Retirement-age Individuals . 2024. dir.texas.gov .

4. Wyoming Enterprise Technology Services. Seniors Online Safety Tips . 2021. ets.wyo.gov .

5. Florida Senior Consulting. Cybersecurity Guide for Seniors: A 2025 Update . 2025. floridaseniorconsulting.com .

How does the investment strategy outlined by the Philip Morris Group Pension Plan aim to ensure that sufficient assets are available to pay membersâ€™ benefits as they fall due? What specific return objectives has the Trustee established that reflect the financial goals of the Philip Morris Group Pension Plan?

Investment Strategy and Return Objectives: The primary objective of the Trustee's investment strategy is to ensure sufficient assets are available to pay members’ benefits as they fall due. The return objective set by the Trustee is to achieve a return above that achievable on index-linked gilts. The Trustee is mindful that growth can come from both investment performance and company contributions(Philip_Morris_Group_Pen…).

In what ways does the Philip Morris Group Pension Plan address the risks associated with inadequate long-term returns, and how has the Trustee structured the investment portfolio to mitigate potential stock market underperformance relative to inflation?

Addressing Risks and Portfolio Structure: The Philip Morris Group Pension Plan mitigates risks associated with inadequate long-term returns by investing around 20% of its portfolio in equities expected to outperform gilts. Approximately 50% of the portfolio is in index-linked gilts to provide protection from inflation(Philip_Morris_Group_Pen…).

What considerations does the Trustee of the Philip Morris Group Pension Plan have for environmental, social, and governance (ESG) factors in their investment strategy, and how do these considerations impact the overall financial performance of the Plan?

ESG Considerations: The Trustee acknowledges that environmental, social, and governance (ESG) factors are sources of risk, potentially impacting financial performance. Although the Plan's primary investment manager tracks market indexes without specific ESG constraints, the Trustee expects them to account for financially material considerations when engaging with investee companies(Philip_Morris_Group_Pen…).

How does the Philip Morris Group Pension Plan incorporate diversification within its investment strategy to protect against extreme stock market fluctuations, and what specific controls have been implemented by the Trustee to maintain an appropriate balance among asset classes?

Diversification Strategy and Controls: The Trustee implements diversification to protect against stock market fluctuations by investing in a variety of global asset classes and bonds. A mix of UK and overseas equities, along with government bonds, ensures appropriate balance and protection from extreme market volatility(Philip_Morris_Group_Pen…).

What procedures are in place for the Trustee of the Philip Morris Group Pension Plan to review and potentially revise the investment strategy based on performance assessments, market conditions, and changes in the economic environment?

Review and Revision of Strategy: The Trustee reviews the investment strategy periodically, especially following significant changes in investment policy or economic conditions. These reviews involve performance assessments and market evaluations in consultation with advisers(Philip_Morris_Group_Pen…).

How can members of the Philip Morris Group Pension Plan keep informed about any significant developments in investment strategy that may affect their benefits, and what communication methods does the Trustee employ to ensure transparency?

Member Communication and Transparency: Members are informed about significant developments in the Plan’s investment strategy through direct communications from the Trustee. Members can request a copy of the Statement of Investment Principles for further details(Philip_Morris_Group_Pen…).

What is the role of the investment manager, State Street Global Advisors, in the governance and performance of the Philip Morris Group Pension Plan's assets, and how does the Trustee evaluate the success of this partnership?

Role of State Street Global Advisors: State Street Global Advisors is responsible for the day-to-day management of the Plan’s assets. The Trustee evaluates the performance of State Street Global Advisors annually and ensures that their investment approach aligns with the Plan’s objectives(Philip_Morris_Group_Pen…).

How does the Philip Morris Group Pension Plan handle the issue of Additional Voluntary Contributions (AVCs), especially considering the decision to no longer allow active members to make these contributions since April 2006?

Additional Voluntary Contributions (AVCs): Active members have been unable to make Additional Voluntary Contributions to the Plan since April 2006. The Plan offers various options for members with existing AVCs, including investments in passive funds and with-profits funds(Philip_Morris_Group_Pen…).

What specific risks, aside from investment risks, does the Trustee of the Philip Morris Group Pension Plan need to prepare for, such as mortality or sponsor risks, and how do these factors influence the overall funding strategy of the Plan?

Other Risks (Mortality, Sponsor, etc.): The Trustee prepares for non-investment risks like mortality risk and sponsor risk, which can affect the Plan’s funding strategy. These risks are considered alongside investment risks to manage overall funding risk(Philip_Morris_Group_Pen…).

For employees seeking more information regarding the content of the Philip Morris Group Pension Plan documents, what are the best channels to contact the company, and who specifically should they reach out to within human resources or benefits administration?

Contact for More Information: Employees seeking more information about the Philip Morris Group Pension Plan should contact the Plan administrators, Lane Clark & Peacock LLP, or reach out to human resources or benefits administration for assistance(Philip_Morris_Group_Pen…).

With the current political climate we are in it is important to keep up with current news and remain knowledgeable about your benefits.

Philip Morris International provides RSUs and stock options to eligible employees.