To protect the Industrial Internet of Things (IIoT) systems against ransomware attacks, their host machines systems activities need to be efficiently monitored by an efficient detection model that is able to accurately detect ransomware behavior and trigger an alarm before its impact extends to the critical control systems. However, the detection models for these hosts' machines encounter significant challenges in dealing with a high dimension data, few numbers of trained observations, and the dynamic behavior of ransomware. Therefore, there is a need for an efficient detection model that can address these challenges. In this paper, we propose a detection model based on the stacked Variational Auto-Encoder (VAE) with a fully connected neural network that is able to learn the latent structure of system activities and reveal the ransomware behavior. Further, we also come up with a data augmentation method based on VAE for generating new data that can be used in training a fully connected network in order to improve the generalized capabilities of the proposed detection model. The results showed that our proposed model achieved considerable performance in detecting ransomware activities.