Post-Extortion Business Recovery: 90-Day Rebuild Plan (2026)

13 min read · Flaggd Dispute Team

Key Takeaways

  • Post-extortion business recovery runs in five phases over 90 days — stabilize, audit, rebuild, accelerate, institutionalize. Skipping a phase compresses outcomes and often forces a second recovery cycle within six months.
  • The first 72 hours are about containment, not heroics. Pause marketing, brief staff, file emergency disputes, and resist the urge to publicly retaliate or post defensive statements.
  • Star rating math is mechanical. Recovering a 0.4-star drop typically requires 40 to 80 new authentic reviews depending on profile depth. Plan the acquisition cadence accordingly.
  • Customer trust rebuilds through quiet competence. Past customers who experienced the brand pre-attack are the most efficient recovery channel — they convert faster than cold acquisition and produce higher-rated reviews.
  • The institutionalization phase is non-negotiable. Without monitoring, playbooks, and staff training, businesses that recover from one attack are 3x more likely to be re-targeted within 18 months.
Table of Contents
  1. Recovery priorities in the first 72 hours
  2. Days 1-7: stabilize the bleeding
  3. Days 8-30: comprehensive reputation audit
  4. Days 31-60: rebuild customer trust
  5. Days 61-80: accelerate positive momentum
  6. Days 81-90: institutionalize defenses
  7. Recovery success metrics: when you've recovered
[Figure: 90-day rebuild plan diagram showing five phases of reputation, operations, and customer trust restoration]

Post-extortion business recovery is the work that begins after the threat ends — after the FBI report is filed, after Google has acknowledged the dispute queue, after the immediate panic of fake reviews flooding your profile has subsided. The attack is over; the rebuild has not started. This is the phase most business owners get wrong. Some declare victory the moment the extortionist goes quiet, only to find their star rating still depressed and their lead pipeline still soft 60 days later. Others over-correct with public statements and emotional pricing decisions that make the damage worse. The 90-day rebuild plan in this guide replaces that improvisation with a structured, sequenced framework used by businesses that have come through extortion attacks intact — and stayed that way.

The plan is built around five phases: stabilize, audit, rebuild, accelerate, and institutionalize. Each phase has explicit start and end dates, defined success signals, and a handoff into the next phase. Skip a phase and the rebuild loses sequence; the most common pattern of failure is jumping from stabilization directly into acquisition marketing without auditing the damage or rebuilding trust with existing customers. By the end of the 90 days, your visible reputation, operational rhythm, and defensive posture should all be stronger than they were before the attack — because the worst thing you can do after surviving an extortion attempt is leave the same conditions in place that made you a target.

Recovery priorities in the first 72 hours

Once the active extortion has been reported and the threat actor has gone silent, the first 72 hours of post-attack recovery have a different rhythm than the crisis itself. The triage list shifts from "stop the threat" to "stop the secondary damage." Most secondary damage in this window is self-inflicted: emotional public statements, panicked pricing decisions, mass customer apology emails, or aggressive review solicitation that triggers Google's policy filters and erases legitimate reviews along with the fake ones.

Triage what is actually broken. Separate the visible damage (star rating, fake reviews, search snippets) from the operational damage (canceled bookings, paused ads, frontline staff morale). Visible damage is mostly mechanical and reversible. Operational damage is where revenue actually leaks. Start a single tracker that lists each category, the current state, the desired state at day 90, and the owner.

Designate a single recovery lead. One person — owner, operations manager, or marketing lead — owns the rebuild. Distributed ownership at this stage produces conflicting decisions and missed handoffs. The lead is responsible for the daily standup (10 minutes, every morning, for the first 30 days), the dispute log, the customer outreach plan, and the relationship with any external vendors (counsel, dispute service, PR if needed).

Hold the line on impulse decisions. No public statements, no discount campaigns, no rebrand discussions, no firing of staff who handled the incident. Recovery is a 90-day process; decisions made in the first 72 hours under stress are rarely the ones a recovered business looks back on with pride. Lock impulse decisions for at least 14 days.

Days 1-7: stabilize the bleeding

Phase one is containment. The goal is to halt revenue loss, stabilize your team, and put a clean perimeter around the damage so the audit phase can proceed without the situation worsening day over day. Stabilization is mechanical work — checklists, switches, briefings — not strategy.

Freeze paid marketing for 7 days. Pause Google Ads, Meta Ads, and any third-party listing promotions. The visible profile is currently misrepresenting your business and you do not want to spend acquisition dollars driving traffic into a depressed star rating. Email nurture, retargeting of warm audiences, and existing-customer comms can continue.

Brief the team in person, once. Frontline staff need to know three things: what happened (in plain language), what they should say if a customer asks (a single approved sentence), and what they should escalate to the recovery lead. Repeated all-hands meetings during this phase amplify anxiety; one clear briefing followed by daily 10-minute leadership huddles works better.

File the dispute batch. Every fake review still visible on Google, Yelp, BBB, Trustpilot, and category-specific platforms gets flagged this week. Use the platform's official policy-violation channels with specific evidence: posting clusters, account ages, content overlaps with the extortion threat sample. If you are using a professional dispute service like Flaggd, hand off the full evidence package now — speed matters because newer reviews are easier to flag than reviews that have collected reactions and replies.

Lock down communications. Route any inbound contact attempting to negotiate or follow up on the extortion to a single inbox monitored by the recovery lead and forwarded to law enforcement. Frontline staff and reception should not respond to anything that looks remotely like a follow-up — they should escalate.

Establish the daily standup. Ten minutes, same time, every morning, for the next 30 days. Three questions only: what disputes resolved overnight, what customer signals came in, what blocks the next 24 hours. The standup is the operational spine of the rebuild.

Days 8-30: comprehensive reputation audit

Phase two scopes the damage. By the end of week one, the bleeding is contained and the immediate disputes are filed; phase two answers the question of what actually needs to be rebuilt. The audit is a three-week sweep across every channel where your business reputation lives.

Channel-by-channel review inventory. Build a single spreadsheet listing every review on Google Business Profile, Yelp, Trustpilot, BBB, Facebook, industry-specific sites (Healthgrades, Avvo, Houzz, TripAdvisor, OpenTable), and category aggregators. For each: date, rating, reviewer name, dispute status, content category (fake from attack, legitimate-negative, legitimate-positive, unclear). The inventory becomes the evidence base for ongoing dispute work and for measuring recovery.

Search snippet audit. Search your business name, owner name, and primary service in Google and Bing. Capture the visible knowledge panel, the first three results, the People Also Ask box, and any local pack listings. Note any narrative damage — auto-suggest pollution, defamatory headlines surfaced in results, suppressed positive content. Search snippets often lag behind review dispute resolution by 14 to 30 days; the audit gives you a baseline to measure against.

Social listening sweep. Use a free or paid social listening tool to capture mentions across X, Reddit, TikTok, Facebook groups, and Nextdoor. Extortion attacks frequently include coordinated social posts — these need to be cataloged and reported to each platform. Many extortionists abandon their social posts after the dispute campaign starts, so capture screenshots before they self-delete.

Operational damage review. Pull canceled bookings, refund requests, support tickets, and any customer-cited reasons during and after the attack window. Look for direct mentions of the fake reviews ("I read on Google that...") and indirect signals (sudden drops in conversion rate, longer sales cycles, increased "is everything ok?" inbound). This data tells you which customer segments need targeted re-engagement in the next phase.

Legal and insurance file. By day 30, every document related to the incident should live in one organized folder: extortion communications, IC3 confirmation, police report numbers, dispute submissions and outcomes, screenshots, financial impact estimates, and any insurance correspondence. The file supports both ongoing law enforcement work and any future civil action.

90-day recovery milestone tracker

| Phase | Day Range | Key Action | Success Signal |
|---|---|---|---|
| Stabilize | Days 1-3 | Pause paid media, brief team, file emergency disputes | All visible fake reviews flagged; team aligned on response line |
| Stabilize | Days 4-7 | Lock down comms, establish daily standup, file insurance notice | Single inbound channel for follow-up; standup running |
| Audit | Days 8-15 | Channel-by-channel review inventory across all platforms | Complete spreadsheet of every review with status |
| Audit | Days 16-30 | Search snippet audit, social listening sweep, ops damage review | Damage scoped; recovery KPIs defined |
| Rebuild | Days 31-45 | Past-customer outreach campaign launches | 15-25 authentic new reviews from re-engaged customers |
| Rebuild | Days 46-60 | Restart in-flow review requests, publish content cadence | Star rating recovers within 0.3 of baseline |
| Accelerate | Days 61-80 | Reopen acquisition marketing, sustain review velocity | CPL within 10% of pre-attack baseline |
| Institutionalize | Days 81-90 | Stand up monitoring stack, finalize incident playbook, train staff | Playbook signed off; first quarterly drill scheduled |

Days 31-60: rebuild customer trust

Phase three rebuilds the asset that the attack actually damaged: customer trust. The audit is closed, the dispute pipeline is moving, and the visible profile has begun to stabilize. Now the work is to convert your existing customer base into a recovery engine — not by asking them for help, but by giving them reasons to re-engage and review on their own.

Past-customer outreach campaign. Segment your customer database by recency: customers within the last 90 days, 90 to 365 days, and 1 to 2 years. The first segment gets a personalized email from the owner thanking them for their business and inviting feedback in any form (review, direct reply, referral). No mention of the attack. The second and third segments get a softer touch — a service update or a "we'd love to have you back" message tied to a relevant offer. Conversion to a fresh review on the recent segment typically runs 8 to 14% with a well-written email.

Restart in-flow review requests. Every customer transaction completed during this phase should trigger a review request — at the natural moment of satisfaction (after service delivery, after a successful resolution, after a positive milestone). Use neutral language that asks all customers to share their experience, not just happy ones. Review gating is a Google policy violation and will torpedo the rebuild.

Publish a content cadence that signals operational normalcy. Two to three pieces a week — blog posts, social updates, project highlights, customer features — published consistently for 30 days demonstrate to anyone researching your business that operations are healthy. Content does not need to mention the attack. The signal is regularity, not narrative.

Owner responses on residual fake reviews. Where Google has not yet removed a fake review, post a short professional response: "We have reported this review and are working with the platform's content moderation team. Our verified customers can be found in our most recent reviews." No emotional language, no callouts. The response is read by future researchers, not by the reviewer.

Local outreach for high-trust businesses. Restaurants, medical practices, contractors, and local services benefit from re-engaging community channels: chamber of commerce, neighborhood Facebook groups, local press relationships, and supplier networks. Not as crisis comms — as ordinary visibility. A normal-looking presence in local channels accelerates the perception that nothing is wrong.

Days 61-80: accelerate positive momentum

Phase four converts the recovered position into accelerating momentum. By day 60, your visible star rating should be within 0.3 of the pre-attack baseline, your customer pipeline should be re-engaging, and most disputes should be resolved or in final appeal. Phase four is where you reopen acquisition and let the accumulated review velocity carry the brand through the final stretch.

Star rating recovery math. A business with 200 lifetime reviews at 4.7 stars that drops to 4.3 stars after a 20-review fake-review attack needs roughly 35 to 45 new authentic 5-star reviews to return to 4.7, assuming half of the fake reviews are eventually removed. The math is mechanical: each new 5-star review on a base of 200 moves the average by approximately 0.0015 stars. Plan a daily acquisition target — typically 1 to 3 new reviews per day during phase four — and the rating recovers on schedule.
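
The same arithmetic as a small calculator, added here as an illustration and not part of the original article. It assumes fake reviews are 1-star and new reviews are 5-star, and it uses the guide's "within 0.1 of baseline" success metric as the target; all function names are hypothetical.

```python
import math
from fractions import Fraction


def _exact(x):
    """Convert ints, Fractions, or decimal literals like 4.7 to an exact Fraction."""
    return x if isinstance(x, Fraction) else Fraction(str(x))


def profile_after_attack(base_count, base_avg, fake_count, removed=0, fake_rating=1):
    """Return (review_count, star_total) once `removed` of the fake reviews are taken down.

    Assumption: every fake review carries `fake_rating` stars (1 by default).
    """
    if not 0 <= removed <= fake_count:
        raise ValueError("removed must be between 0 and fake_count")
    remaining = fake_count - removed
    total = _exact(base_avg) * base_count + _exact(fake_rating) * remaining
    return base_count + remaining, total


def reviews_needed(count, star_total, target, new_rating=5):
    """Smallest n with (star_total + n * new_rating) / (count + n) >= target."""
    target, new_rating = _exact(target), _exact(new_rating)
    deficit = target * count - _exact(star_total)
    if deficit <= 0:
        return 0  # profile is already at or above the target
    if new_rating <= target:
        raise ValueError("new reviews must rate above the target to close the gap")
    return math.ceil(deficit / (new_rating - target))


def marginal_gain(count, star_total, new_rating=5):
    """Change in the average rating produced by one additional review."""
    total = _exact(star_total)
    return float((total + _exact(new_rating)) / (count + 1) - total / count)


def days_to_target(n_reviews, reviews_per_day):
    """Calendar days needed at a steady daily acquisition rate."""
    return math.ceil(_exact(n_reviews) / _exact(reviews_per_day))


if __name__ == "__main__":
    # Constructed scenario: 200 reviews at 4.7, 20 fake 1-star reviews, half removed.
    count, total = profile_after_attack(200, 4.7, fake_count=20, removed=10)
    needed = reviews_needed(count, total, target=4.6)
    print("reviews on profile:", count)
    print("current average:", round(float(total / count), 3))
    print("new 5-star reviews needed for 4.6:", needed)
    print("days at 2 reviews/day:", days_to_target(needed, 2))
    print("gain per 5-star review on 200 at 4.7:", round(marginal_gain(200, 940), 4))
```

The result is sensitive to the target rating and to how many fake reviews are removed, so rerun it with the counts from your own review inventory.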

Reopen acquisition marketing. Restart Google Ads and Meta Ads at 50% of pre-attack budget. Monitor cost-per-lead and conversion rate daily; if either is materially worse than baseline, pause and revisit the visible profile. Most businesses see CPL within 10 to 15% of baseline by day 75, and full recovery to baseline by day 90.

Sustain review velocity. Do not let the daily review request cadence drop now that the rating is approaching baseline. Sustained velocity is what makes the profile resilient against future attacks — a profile receiving 30+ authentic reviews per month dilutes a 20-review fake-review burst within weeks; a profile receiving 2 reviews per month takes quarters.

Performance reviews on the dispute pipeline. By day 75, audit the dispute outcomes: reviews that were removed, reviews that were declined, and reviews still pending. Decide on second-tier appeals for declines, and document the patterns for the institutionalize phase. The audit data feeds directly into your future incident playbook.

Reactivate dormant marketing channels. Email re-engagement, partner co-marketing, content syndication, and PR pitches that were paused during phases one through three can resume. The cumulative effect of multiple visible signals returning to normal is what accelerates the perception of full recovery.

Days 81-90: institutionalize defenses

Phase five is the difference between businesses that recover once and businesses that stay recovered. Without institutionalization, the same conditions that made you a target the first time remain in place — thin profile depth, no monitoring, untrained staff, no documented response. Institutionalization closes those gaps so the next attack (and there often is one) is absorbed instead of survived.

Stand up a real-time monitoring stack. At minimum: Google Business Profile review notifications enabled, Google Alerts on your business name and owner names, a basic social listening tool covering X / Reddit / Facebook, and a single dashboard that consolidates the daily count of new reviews and mentions. Same-day awareness is the difference between flagging an attack within hours versus discovering it days later.
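
A minimal version of the daily-count check behind that dashboard, added here as an illustration and not part of the original article or any platform's API. The inventory rows are constructed sample data, and the row layout, function names and thresholds are assumptions to tune against the profile's normal review volume.

```python
from collections import Counter
from datetime import date, timedelta


def sample_inventory():
    """Constructed inventory rows: (posted date, stars, reviewer account age in days)."""
    start = date(2026, 3, 1)
    rows = []
    # Four quiet weeks: one review every other day from established accounts,
    # including a single legitimate 1-star review that should NOT raise an alert.
    for i in range(0, 28, 2):
        stars = 1 if i == 10 else 5
        rows.append((start + timedelta(days=i), stars, 400 + i))
    # Constructed burst: twelve 1-star reviews over two days from brand-new accounts.
    for i in range(12):
        rows.append((start + timedelta(days=28 + i % 2), 1, 2 + i % 3))
    return rows


def detect_bursts(rows, low_star=2, window=14, min_count=3, factor=4.0,
                  new_account_days=30):
    """Flag days whose low-star review count is far above the trailing daily average.

    A day is flagged when its low-star count is at least `min_count` and exceeds
    `factor` times the mean daily low-star count over the previous `window` days.
    Each alert also reports the share of those reviews posted by accounts younger
    than `new_account_days`, which is useful evidence for a dispute package.
    """
    if not rows:
        return []
    low_by_day = Counter(d for d, stars, _ in rows if stars <= low_star)
    day, last = min(r[0] for r in rows), max(r[0] for r in rows)
    flagged = []
    while day <= last:
        count = low_by_day.get(day, 0)
        trailing = sum(low_by_day.get(day - timedelta(days=k), 0)
                       for k in range(1, window + 1))
        baseline = trailing / window
        if count >= min_count and count > factor * baseline:
            ages = [age for d, stars, age in rows if d == day and stars <= low_star]
            flagged.append({
                "day": day,
                "low_star_count": count,
                "baseline_per_day": round(baseline, 2),
                "new_account_share": sum(a < new_account_days for a in ages) / len(ages),
            })
        day += timedelta(days=1)
    return flagged


if __name__ == "__main__":
    for alert in detect_bursts(sample_inventory()):
        print(alert["day"].isoformat(), alert["low_star_count"],
              alert["baseline_per_day"], alert["new_account_share"])
```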

Document the incident response playbook. A written, dated, owned playbook covering: what to do in the first hour, the first 24 hours, the first week. Who calls law enforcement, who files disputes, who pauses ads, who briefs staff, who handles inbound press. Print it. Store digital and physical copies. Review it quarterly. The playbook is the artifact that converts experience into capability.

Train every manager. A 30-minute walkthrough of the playbook for every person with operational authority — not just the recovery lead. Cover what an extortion threat looks like, how to escalate, and what not to do (don't engage, don't respond emotionally, don't pay). Document attendance and refresh the training annually.

Schedule the first quarterly drill. A two-hour exercise where the team responds to a simulated extortion email. The drill exposes gaps in the playbook, refreshes muscle memory, and signals to the organization that defense is ongoing operational work, not a one-time project. Most well-defended businesses run drills quarterly for the first year and twice annually thereafter.

Lock in the review velocity baseline. The institutionalization phase ends with a documented monthly review acquisition target — typically 15 to 30 reviews per month for service businesses, higher for restaurants and high-volume retail. The target is reviewed quarterly and tied to a named owner. Steady velocity is the strongest single defense against future attacks.

Close the legal file. By day 90, follow up with your IC3 case and local police on investigation status. Most cases stay open for 12 to 18 months; an end-of-quarter status check creates a routine touchpoint without becoming intrusive. Archive the legal file and move it to long-term storage with a calendar reminder for the 6-month follow-up.

Recovery success metrics: when you've recovered

Recovery is not a feeling — it is a measurable state. The 90-day rebuild plan ends with a defined set of KPIs that, when achieved, signal the rebuild is complete and the business has returned to operating posture. Without explicit metrics, owners either declare victory too early or remain stuck in recovery mode for quarters longer than necessary.

Visible reputation metrics. Star rating within 0.1 of pre-attack baseline. Review count at or above pre-attack baseline. Search snippets free of attack-related content. Knowledge panel restored. These are mechanical and easy to measure — pull them weekly during the rebuild and lock the final reading at day 90.

Operational metrics. Cost-per-lead within 10% of baseline. Booking conversion rate within 5% of baseline. Repeat-customer rate at or above baseline. Inbound mentions of the attack at or near zero. These confirm the visible recovery is translating into commercial recovery.

Defensive posture metrics. Monitoring stack live with named owner. Playbook signed off and stored in retrievable form. All managers trained and attendance documented. First quarterly drill scheduled within 90 days of plan completion. Dispute pipeline documented and second-tier appeals routed where applicable. These signal that institutional capability has been built, not just a one-time recovery executed.

Team and owner state. Daily standup retired. Recovery lead returned to normal duties. Owner not checking review profiles outside scheduled review times. Frontline staff confidence restored — measured by spot-checking the approved customer-response line and the escalation path. Cultural recovery lags operational recovery by about 30 days; expect full team normalcy around day 120, not day 90.

The honest test. Ask: if a similar attack happened tomorrow, how would the response differ from the first one? If the answer is "we'd respond within an hour using the playbook, with monitoring catching it the same day, and we have the dispute service on retainer" — recovery is complete. If the answer is uncertain, return to the institutionalization phase and close the gaps before declaring done.

Frequently asked questions

How long does full reputation recovery take after extortion?
Full recovery typically takes 90 to 180 days. Star ratings stabilize around the 60-day mark when authentic review velocity outweighs residual fake content, and customer acquisition metrics return to pre-attack baselines between days 90 and 180. Businesses with a strong pre-attack review base recover roughly twice as fast as thin-profile businesses, which is why ongoing review velocity is the single most important defensive habit.
Should we publicly address the extortion attempt?
In most cases, no public statement is needed. A brief professional response under the fraudulent reviews stating that an investigation is underway is sufficient. Broader announcements (press releases, social posts, mass customer emails) tend to amplify the attack, confuse customers who never noticed it, and complicate any active law enforcement investigation. Wait for explicit guidance from your investigator before any public disclosure of the threat itself.
When can we resume marketing and advertising?
Pause paid media for 7 to 14 days while disputes are filed and the visible profile begins to stabilize. Resume gradually starting day 15, beginning with retargeting and existing-customer comms. Do not relaunch top-of-funnel acquisition spend until your visible star rating is within 0.3 stars of the pre-attack baseline, which typically occurs around day 30 to 45 if the rebuild plan is followed.
How do we handle remaining fake reviews Google won't remove?
Reviews that survive the dispute process can still be addressed: file a second-tier appeal with new evidence, post a calm professional owner response that future researchers will read, accelerate authentic review velocity to dilute the impact, and consult counsel about defamation claims if the review contains false statements of fact. Do not resubmit identical disputes — Google's moderators flag repeat submissions, which often blocks future review of the same content.
What if the extortionist returns?
Treat any new contact as an evidentiary event, not a negotiation. Document the new message, append it to your existing IC3 file via the supplemental complaint process, alert your assigned investigator if you have one, and re-flag your Google Business Profile. A returning extortionist often strengthens the federal case because pattern conduct establishes intent — which is why staying out of negotiation and routing everything to law enforcement is the correct move.
Should we sue the extortionist?
Civil suits are usually only worthwhile after the criminal case identifies the attacker, since most extortionists operate anonymously and are judgment-proof until unmasked. Once identified, civil claims for tortious interference, defamation, and intentional infliction of economic harm become viable, often consolidated with the criminal restitution order. Consult counsel before filing independently — premature civil action can complicate the criminal investigation.
How do we prevent this from happening again?
Institutionalize three defenses during phase five of the rebuild: real-time review monitoring with same-day alerts, a documented incident response playbook that every manager has rehearsed, and ongoing review velocity that keeps your profile resilient against bursts of fake content. Businesses with 100+ recent authentic reviews and a live monitoring stack absorb future attacks far more easily than thin profiles operating on ad-hoc response.

Post-extortion business recovery is a finite, structured process — not an open-ended ordeal. The 90-day rebuild plan exists because recovery follows a predictable sequence: stabilize, audit, rebuild, accelerate, institutionalize. Skip the sequence and the rebuild stalls. Follow it and most businesses come through the experience operationally stronger than they entered it, with a defensive posture that makes future attacks recoverable in days rather than quarters. The work is mostly quiet — disputes filed, customers re-engaged, dashboards built, playbooks rehearsed. None of it makes a great story. All of it makes a durable business. If you are at day one of this process and the dust has not yet settled, focus only on phase one: pause marketing, brief the team, file the disputes, hold the line on impulse decisions. The rest of the plan unlocks once stabilization is real. And if the dispute pipeline is the part of the rebuild you would rather hand off, that is exactly where Flaggd's recovery support fits — start the conversation when you're ready.