The BAVACAI ‘.BAVACAI’ Medusalocker Variant: A Definitive Forensic Recovery Guide
In our recovery lab today at Lockbit Decryptor, we isolated the BAVACAI ransomware strain, identified by the .BAVACAI extension and the WHATS_HAPPEND.txt note. Our forensic analysis definitively identifies this as a variant of the MedusaLocker ransomware family. This strain employs a robust hybrid cryptosystem. Critically, our analysis indicates that this variant correctly implements the cryptographic…