Update: u/jetboy01 noted that I used the wrong term. It's "canary file", not "honeypot file"
I was daydreaming of a way to prevent ransomware from destroying the good backup files stored on another drive or server.
I was thinking of having lots of honeypot files sprinkled around various directories on my server. Each important directory would get its own honeypot file.
Before any backup job begins, a batch file would check all the honeypot files. If any honeypot file fails a file comparison, the backup job is never started.
Unfortunately, I am not familiar enough with how ransomware works. If it is dumb and encrypts all the files it finds as quickly as possible (in the pursuit of maximum damage) then at least one or some of the honeypot files would get encrypted. And then my low-tech defense would work.
But if they want to be sneaky and do a few files at a time, then my honeypots won't necessarily get hit and my test would unwisely let a backup job start.
Will this partly baked idea work?