Once upon a time, victims of ransomware kept quiet about their misfortunes, with petrified leaders nervously improvising a way to get past the extortion. Now, two new large-scale studies have compiled many of those miserable experiences for collective lessons, examining 786 ransom negotiation transcripts and 253 companies’ recovery experiences. This second article in a two-part series distills the studies’ findings, with insights from the studies’ co‑authors, into ten steps to prepare for and navigate a ransomware payment decision. The first article examined the common factors that helped companies avoid paying ransoms, with commentary from the studies’ authors at NCC Group and Booz Allen Hamilton. See “Necessary Precautions, Compliance Considerations and Ancillary Risks to Mitigate From a Ransomware Attack (Part Two of Two)” (Dec. 21, 2021).