Recently, KrebsOnSecurity discovered that close to all ransomware strains have a particular built-in failsafe: they will not install on a device that uses specific virtual keyboards, specifically Russian or Ukrainian. Several Russian-language affiliate moneymaking programmes, including Darkside, prevent their criminal associates to install any malicious software on devices in several Eastern European countries. This is an attempt to minimise the chances of investigation against them by local authorities.
For example, in Russia, authorities have a tendency to avoid investigations against a Russian company or individual, particularly with regards to cybercrime. This way, criminals manage to lay low and avoid law enforcement.