A new ransomware called Ragnarok has been detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit. It is common for ransomware developers to exclude users in Russia and other former Soviet Union countries from being encrypted if they become infected. Ransomware will also avoid encrypting victims who have the 0804 language ID for China installed. It will also attempt to disable Windows Defender, clear Shadow Volume Copies, disable Windows automatic startup repair, and turn off the Windows Firewall.
Source: https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-targets-citrix-adc-disables-windows-defender/