Phishing emails are a primary and highly common delivery vector for ransomware. Attackers send emails that appear legitimate but contain malicious attachments (e.g., macro-enabled documents, ZIP files) or links to compromised websites. When the recipient opens the attachment or clicks the link, a script executes that downloads and installs the ransomware. This method is effective because it preys on human curiosity or urgency, bypassing technical security controls to gain an initial foothold within the target network.

A. This is too general. Phishing (Option D) is a specific and more precise type of social engineering commonly used for ransomware delivery.

B. While exploiting software vulnerabilities is a valid ransomware delivery method, phishing is consistently reported as one of the most frequent initial infection vectors.

C. Brute-force attacks are a method to gain unauthorized access to a system (e.g., via RDP), not a direct delivery mechanism for the payload itself.

---

1. Official Government Documentation: The U.S. Cybersecurity & Infrastructure Security Agency (CISA) identifies phishing as a top infection vector. In the joint CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) "Ransomware Guide," it states, "Malicious cyber actors most often deliver ransomware through phishing emails..."

Source: CISA & MS-ISAC, "Ransomware Guide," September 2020, Page 9, Section "Common Infection Vectors."

2. Peer-Reviewed Academic Publication: A comprehensive survey of ransomware in the ACM Computing Surveys journal identifies email as a primary propagation method. The authors note, "The most common way to deliver ransomware is through spam/phishing emails that contain malicious attachments or links."

Source: Al-Hawawreh, M., & Al-Zoubi, A. (2021). A Survey on Ransomware: Evolution, Taxonomy, and Defense. ACM Computing Surveys, 54(8), Article 167, Page 6, Section 3.1.1. https://doi.org/10.1145/3469421

3. Peer-Reviewed Academic Publication: Research published by IEEE confirms the prevalence of this method. The study highlights that attackers use social engineering tactics within emails to trick users into executing the malware.

Source: Al-rimy, B. A. S., Maarof, M. A., & Shaid, S. Z. M. (2018). Ransomware: A survey and a quantitative analysis. 2018 IEEE International Conference on Innovative Research and Development (ICIRD), Page 2, Section III, "RANSOMWARE DISTRIBUTION VECTORS." https://doi.org/10.1109/ICIRD.2018.8376317

4. University Courseware: Course materials for computer security at reputable universities consistently teach that phishing is a dominant malware delivery mechanism. For example, lectures on malware vectors emphasize how malicious email attachments and links are used to initiate infections.

Source: Patterson, D. (2021). CS 161: Computer Security, Lecture 2: Malware. University of California, Berkeley. Slide 23, "How does malware spread?".