SCP-4943 Unknown ~ medium confidence
Expected annual: $5.2M
One-time setup: $3.4M
Annual recurring: $5.1M
Personnel: 27
First-year one-time setup is moderate (several hundred thousand to low millions) while the dominant recurring expense is highly skilled personnel and monitoring/EDR tooling. Main drivers are staff wages, OSINT/monitoring, EDR/SIEM, and potential device-replacement contingencies.
🏗️ One-Time Capital Costs Total: $3.4M
Contingency Reserve $1.0M
[#25] Contingency buffer for escalated scenarios (10–50% style reserve; mid-range one-time buffer).
Device Recovery And Replacement $875K
[#11] Budget for professional data recovery and replacement hardware for an estimated 500 affected machines (mid-range estimate).
Facilities $350K
[#2, #13] Air-gapped forensic lab build-out (Faraday cage, shielding) and retrofit/quarantine room construction and access control.
Equipment $330K
[#3, #4, #5, #6, #10] Controlled-exposure hardware and PPE, secure evidence cabinets, disk imagers/write-blockers/high-capacity arrays and virtualization/compute nodes, initial storage array purchase.
Insurance Reserve $300K
[#21] One-time reserve to cover potential third-party claims and initial liability exposure.
Initial Research And Lab Setup $215K
[#7, #20, #23] Development/testing of safe removal/cleanup tool (senior devs/QA), initial ingestion/archival costs, and one-time software/tooling/integration development for automated cleanup.
Law Enforcement Liaison One Time $100K
[#22] One-time budget for cooperating with law enforcement/covert ops or cross-jurisdictional investigations at initial engagement levels.
Patch Distribution One Time $80K
[#8] Planning and executing the first large rollouts of removal tools/hotfixes (WSUS/MDM staging, rollback plans).
Initial Secure Transport $50K
[#12] Initial bulk secure courier/transfers of contaminated hardware between sites and labs.
PR Response Reserve $50K
[#17] Per-incident PR/cover-story budget reserved for an urgent media incident or leak.
Training And SOP Development $30K
[#18] One-time development of SOPs, curricula, and initial training for handling 'no-physical-contact' procedures.
🔄 Annual Recurring Costs Total: $5.1M/yr
Staff Wages $3.4M/yr
[#1, #15, #19, #16, #8, #13] Dedicated incident response/reverse-engineering team (senior + mid-level with benefits/overhead), OSINT/monitoring analysts, researchers, liaison time, patch helpdesk staff, and on-site security staffing.
Research And Monitoring $725K/yr
[#5, #9, #10, #16, #19, #23, #20] EDR/endpoint/SIEM ops and monitoring, forensic storage capacity retention, license renewals, outreach/liaison operational costs, ongoing research FTEs and automated cleanup/integration maintenance, and archival preservation.
Cover Story And Legal $345K/yr
[#14, #15, #17] Legal retainer and takedown operations, OSINT tooling/cloud infra for suppression, and ongoing PR/cover-story management.
Contingency Reserve $200K/yr
[#25] Annual contingency reserve to fund escalations without immediate capital approvals.
Patch Support And Helpdesk $100K/yr
[#8] Ongoing support for remote remediation, staged rollouts, helpdesk and rollback operations.
Insurance Premiums $100K/yr
[#21] Annual premiums / liability coverage to mitigate third-party claims.
Law Enforcement Liaison Ops $100K/yr
[#22] Ongoing liaison, legal assistance and cooperative ops funding with public-sector partners.
Facilities Maintenance $60K/yr
[#4, #6, #13] Climate-controlled evidence storage maintenance, power/cooling for virtualization nodes, and ongoing security/room maintenance for quarantine areas.
Supplies And Consumables $20K/yr
[#3, #24] Consumable PPE, anti-static bags, replacement drives, write-blockers, labels and small workshop materials.
Logistics And Transport $20K/yr
[#12] Routine secure courier/transfers and chain-of-custody logistics per year (baseline operations).
Training Refresher $15K/yr
[#18] Annual refresher training and drills for custodians and handlers.
Code Signing Certificates $500/yr
[#7] Annual cost for code-signing certificates necessary for distributing signed cleanup tools.
Cost Scenarios
📊 Baseline (baseline) $5.1M/yr
83.0% probability / year
Normal year with containment/monitoring operations ongoing and no major incidents.
no major breach; routine monitoring; scheduled patching
🚨 Minor Incident $5.4M/yr
15.0% probability / year; +$300K vs baseline
Localized outbreak or public leak requiring targeted remediation, extra PR/legal work, and limited device replacements.
small variant spread; forum leak / localized outbreak
🚨 Major Breach $9.6M/yr
2.0% probability / year; +$4.5M vs baseline
Widespread variant causing mass device failures, prolonged litigation or large-scale remediation and replacement.
mass device corruption; prolonged legal action; nationwide/enterprise-scale spread
👥 Personnel 27 total
Role | Count | Notes
Senior Reverse Engineer / Incident Responder | 4 | [#1] Senior analysts responsible for reverse-engineering and incident response (senior-level).
Mid-level Malware Analyst | 4 | [#1] Mid-level analysts supporting reverse engineering and 24/7 on-call coverage.
OSINT / Monitoring Analyst | 8 | [#15] Analysts performing continuous forum/social monitoring, automated scraping and content suppression.
Research Scientist | 2 | [#19] FTE researchers studying registry mechanics, persistence and communications.
Patch Distribution / Helpdesk Staff | 4 | [#8] Staff to manage WSUS/MDM rollouts, staged remediation and helpdesk for affected endpoints.
Security Officer / On-site Guard | 2 | [#13] Physical security for quarantine rooms and evidence storage.
Administrative / Liaison | 2 | [#16] Outreach and liaison personnel coordinating with Microsoft/OEMs and external partners.
📋 Confidence Notes
Notes provide detailed ranges for many line items (personnel, hardware, remediation), enabling mid-level confidence; however endpoint counts, breach frequency and legal exposure are uncertain so cost ranges remain material.