Bavacai is a ransomware group that emerged in 2026, operating a single-stage ransomware encryptor. The group's primary motivation is financial, employing a double extortion strategy that involves encrypting victim files and threatening to publish exfiltrated data if ransom demands are not met. A distinguishing characteristic of Bavacai is the observed amateur development signals within its binary, indicated by verbose debug logging, unobfuscated strings, and the inclusion of developer PDB paths.