Ransomware is a specific category of malicious software whose primary objective is financial extortion. The attack's core mechanism involves gaining unauthorized access to a victim's system and encrypting their valuable data, such as documents, databases, and photos. This renders the files inaccessible to the user. Following the encryption, the malware displays a ransom note demanding a payment, typically in cryptocurrency, in exchange for the decryption key required to restore access to the files. This direct model of encrypting data and demanding payment for its release is the defining characteristic of a ransomware attack.

A. To exfiltrate sensitive data without alerting the user

This describes data theft or espionage, the primary goal of spyware or Advanced Persistent Threats (APTs), not the overt extortion model of ransomware.

B. To secretly monitor user activity on a compromised system

This is the main function of spyware or keyloggers, which are designed for surveillance and information gathering, not for denying access to files for ransom.

C. To use compromised systems for sending phishing emails

This describes the behavior of a spambot, where a system's resources are hijacked to propagate spam or phishing campaigns, which is a different objective.

1. Cybersecurity and Infrastructure Security Agency (CISA). (2023). #StopRansomware Guide. U.S. Department of Homeland Security. In the "Introduction," Section 1.1, the guide states: "Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption." (Page 1, Paragraph 2).

2. Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015). Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks. In Proceedings of the 12th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). The paper's abstract defines the attack: "Ransomware... operates by encrypting a victim's files and demanding a payment for the decryption key." (Page 1, Abstract). DOI: https://doi.org/10.1007/978-3-319-20880-21

3. National Institute of Standards and Technology (NIST). (2021). NISTIR 8374: Ransomware Risk Management: A Cybersecurity Framework Profile. The document defines ransomware as: "A type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access." (Section 1.1, Page 1).

4. Saltzer, J. H., & Kaashoek, M. F. (2009). Principles of Computer System Design: An Introduction. Morgan Kaufmann. While not a direct cybersecurity text, foundational principles of system security are covered. In related university courseware based on this text, such as MIT's 6.858 Computer Systems Security, ransomware is consistently defined by its extortion model: encrypting files and demanding payment for the key. (Concept covered in lectures on Malware).