There is interesting fact: if you read entire blog entry, there is a statement about "one function of vSkimmer if the Internet is not available is to wait for a USB device with the volume name KARTOXA007 to be connected to the infected machine and to copy all the logs with the file name dumz.log and the card info collected from the victim to the USB drive." If you replace “R” with Russian letter “P” (Cyrillic letter for sound “R” is “P” which looks the same as Latin letter P) in a word “KARTOXA”, you get Russian word “КАРТОХА”. Now all the letters in this word are Cyrillic, they look the same as Latin letters but sound different. In Russian this word means “POTATO"...
More information about memory parsing/RAM scraping malware aimed on point of sale and payment applications:
Preventing Memory-Parsing Malware Attacks on Grocery Merchants
Dexter Malware Targeting Point-of-Sale (POS) Systems
Targeted Hospitality Sector Vulnerabilities