Decoy files protect endpoints against ransomware and add a layer of protection. A set of decoy files is present on all managed endpoints to serve as bait, and in the event of any suspicious activity, such as encryption of the decoy files, an immediate alert is issued, indicating a potential ransomware attack. Upon studying ransomware attacks, we have strategically placed these files in various folders across all managed endpoints. This proactive measure ensures that if the decoy files are encrypted, timely alerts are sent to the administrator for prompt response and mitigation. The bait files' names are "database.docx", "ME.txt", and "screenshoot.jpg".