One option is to use the geoip_city database file, which gives sub-country
granularity -- that note suggests that the particular case of "Crimea"
is approximately covered by (interpreting their region_codes.csv file)
UA,11,"Krym" and UA,20,"Sevastopol'".
Another option is to write your own database file, and group the IP
addresses that you want to block into your own country designation,
and then block that. Whether that is easy or possible is probably not
an nginx-specific question.