Method for ransomware strike detection and defense, and ransomware security operations center (SOC)
Abstract:
The application discloses a ransomware security operations center (ransom-SOC) that executes a method for ransomware strike detection and defense. The ransom-SOC leverages honey folders and files, decoys used to detect whether a ransomware strike is in progress, and local data hiding, a technique that exploits a design flaw of ransomware to enable discreet local data backup. As a result, ransomware can be detected earlier, the impact of the ransomware infection on the target systems can be reduced, and the survival time of critical data on servers and workstations can be kept longer during a ransomware strike. The prototype and experimental results suggest that the ransomware security operations center is feasible and can achieve a high data recovery rate on critical files.