
Deploying Decoy Files for Ransomware Detection

When to Use

  • Setting up early-warning detection for ransomware on file servers or endpoints
  • Supplementing EDR/AV with a deception-based detection layer that catches unknown ransomware variants
  • Creating high-fidelity ransomware alerts that have very low false-positive rates (legitimate users have no reason to touch decoy files)
  • Testing ransomware response procedures by validating that canary file modifications trigger the expected alerting pipeline
  • Protecting high-value file shares (finance, HR, legal) with tripwire files that indicate unauthorized encryption activity

Do not use decoy files as the sole ransomware defense. They are a detection mechanism, not a prevention mechanism, and should complement backups, EDR, and access controls.
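The tripwire idea in the list above, as an added example that is not part of the original skill: it plants decoy files on a share, records their SHA-256 baseline, and reports any decoy that has since been modified, deleted, or renamed. The file names, the manifest layout, and the function names are assumptions made for illustration.

```python
import hashlib
import json
from pathlib import Path

# Constructed decoy names (assumption): they only need to look worth encrypting.
DECOY_NAMES = ["payroll_2024_final.xlsx", "passwords_backup.docx"]
MANIFEST_NAME = "manifest.json"  # hypothetical baseline file name


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def deploy_decoys(share: Path, state_dir: Path) -> dict:
    """Write decoys into `share` and store their baseline hashes in `state_dir`.

    `state_dir` should live outside the monitored share so that a process
    encrypting the share cannot alter the baseline as well.
    """
    share.mkdir(parents=True, exist_ok=True)
    state_dir.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name in DECOY_NAMES:
        decoy = share / name
        # Deterministic filler bytes; a real decoy would carry plausible content.
        decoy.write_bytes(hashlib.sha256(name.encode()).digest() * 64)
        baseline[name] = _sha256(decoy)
    (state_dir / MANIFEST_NAME).write_text(json.dumps(baseline))
    return baseline


def check_decoys(share: Path, state_dir: Path) -> list:
    """Return one alert per decoy that was modified, deleted, or renamed."""
    baseline = json.loads((state_dir / MANIFEST_NAME).read_text())
    alerts = []
    for name, expected in baseline.items():
        decoy = share / name
        if not decoy.exists():
            # A decoy that reappears with an appended extension was renamed,
            # which is worth recording alongside the "missing" event.
            renamed = sorted(p.name for p in share.glob(name + ".*"))
            alerts.append({"file": name, "event": "missing", "renamed_to": renamed})
        elif _sha256(decoy) != expected:
            alerts.append({"file": name, "event": "modified", "renamed_to": []})
    return alerts
```

Because legitimate users have no reason to touch these files, any non-empty result from `check_decoys` can be forwarded to the alerting pipeline as-is, which also makes the function usable for the response-procedure test described in the list.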

Prerequisites

Source: mukul975/anthropic-cybersecurity-skills (deploying-decoy-files-for-ransomware-detection). First seen: Mar 20, 2026. Installs: 29. GitHub stars: 24.2K.