One piece of advice that often appears in closed message boards used by Russian cybercriminals is “Don’t work with RU”. This is a kind of instruction given by more experienced Russian criminals to the younger generation. It can be interpreted as: “don’t steal money from people in Russia, don’t infect their machines, don’t use compatriots to launder money.”
“Working with RU” is not a great idea where cybercriminals’ safety is concerned: people from other countries are unlikely to report an incident to the Russian police. In addition, online banking is not very popular in the RU zone – at least, it is much less popular than in the West. This means that the potential income from operating in the RU zone is lower than in other zones, while the risk is higher. Hence the rule “Don’t work with RU”.
https://securelist.com/blog/research/75040/lurk-banker-trojan-exclusively-for-russia/