https://en.wikipedia.org/wiki/KOI8-R
> Kill switch, as always with APT28 malware, is setting the host language to ru_RU.KOI8-R (LANG environment variable). That disables the spread mechanism.
https://news.ycombinator.com/item?id=48460507
Note: KOI8-U is Ukrainian and would still trigger the worm/trojan/malware.
https://en.wikipedia.org/wiki/KOI8-R
> Kill switch, as always with APT28 malware, is setting the host language to ru_RU.KOI8-R (LANG environment variable). That disables the spread mechanism.
https://news.ycombinator.com/item?id=48460507
Note: KOI8-U is Ukrainian and would still trigger the worm/trojan/malware.