We collected active ransomware samples from more than 60 ransomware families. Each ransomware sample was executed in a VirtualBox and then manually labeled by each family type. We developled our own tool to collect provenance data which will be made available here. We ran each ransomware sample for ten minutes or until all user files were encrypted. It took more than 90 days to run all samples and collect data. For citation, please refer to our paper below:
@inproceedings{ahmed2021peeler, title={Peeler: Profiling Kernel-Level Events to Detect Ransomware},
author={Ahmed, Muhammad Ejaz and Kim, Hyoungshick and Camtepe, Seyit and Nepal, Surya},
booktitle={European Symposium on Research in Computer Security},
pages={240--260}, year={2021}, organization={Springer}}