Which term is bait used to detect ransomware attacks?

Using decoy files as bait is a deception-based detection approach. Decoy files are fake or non-critical documents placed where attackers are likely to search for valuable data. When ransomware or an intruder touches or tries to encrypt these files, the activity is monitored and alerts are triggered, providing early visibility into the attack without waiting for real data to be harmed. This works well because legitimate users rarely interact with planted bait, so unusual access to these files stands out as suspicious activity. Other options describe broader services or signals rather than a baiting mechanism. A threat hunting service is a proactive search for threats, not a trap that triggers when the attacker acts. Indicators of attack are the telltale artifacts or behaviors observed during an intrusion, useful for detection but not the bait itself. Malware behavior detection focuses on recognizing malicious actions, not on deploying deceptive objects to reveal an attacker. Decoy files uniquely serve as bait to detect ransomware activity.