One of my favorite stories is the one of how middle east terror group started kidnapping Soviets in that part of the world. The Soviets took relatives of the terrorists and started chopping off body parts, sending them, with a nice little note telling them more were on the way. Hostages released asap and it never happened again.
The code used by the ransomware hackers apparently has code built in to it to avoid installing itself on machines that are likely to be in Russia or some related countries, including Syria. Apparently the hackers really want to avoid ending up dead or in jail.
Some people install the Russian keyboard option, or make registry changes so that their machines appear to be in Russia as a defense against the malware.
If our government was doing what it should be doing hackers and call center fraud operators worldwide should be avoiding Americans, not concentrating on us.
I read an article that Russian hackers avoid Window computers/servers with virtual Russian keyboards. By NOT targeting these computers, it keeps the local heat off of them.