
Securing a top-secret facility after a break-in (where we know keyloggers and such were installed) is a bit more expensive than popping the hood of the car. At minimum, the whole OS and all software packages have to be reinstalled from known clean media, and the whole software stack needs to be recreated from scratch, without using backups (which could be compromised too). If you're properly paranoid, add new hardware too (most of the current hardware is programmable at some level, i.e. needs to be replaced after a break-in). And then you need to invalidate all passwords on all the systems and have everybody reset their passwords. And not only user login passwords - all router passwords, domain passwords, service logins, everything.

I can easily see how such work can take, for multiple systems, several weeks and 41K is not an outrageous sum for completely recreating the system. Especially when something controlling life-preserving equipment is involved - which means additional testing, etc. - it's not a website that you can just push into production and if some page glitches the user would tell you.


