Data URL:

https://www.cs.princeton.edu/~yuxingh/ransomware-public-data/cerber-locky-addresses.csv.txt
      
The CSV file above contains wallet addresses to which potential
victims paid ransom for the Cerber and Locky ransomware.

We obtained the data by making micropayments (Section IV-B) to seed
ransom wallet addresses of synthetic victims (Section III-B). Here are
a few examples of the micropayments we made:

 * Cerber: 12W8BykzkuRiKVkp64D3iZKSQYQ1cBBhyZ - 0.001 BTC
 * Locky:  175mBiaNSSHAhoCbpv25y1rJYK4A7d7d1b - 0.002 BTC

Using the methodology in Section IV, we produce the table in
"cerber-locky-addresses.csv.txt". Here is what each column means:

 * family - Ransomware family, either Cerber or Locky

 * txn_hash - The transaction in which a potential victim paid ransom

 * output_index - The index in the transaction output that corresponds
   to the potential ransom wallet address

 * potential_ransom_wallet_addr - The ransom wallet address to which a
   potential victim paid the ransom

 * potential_ransom_btc/usd - The output amount to the address above

 * unix_ts - The unix timestamp of the block that contains the
   transaction