One option you may want to start with is the free CloudFlare plan. They offer a variety of out of the box security features that may significantly cut down on the activity you are seeing. Implementation is as simple as updating your DNS settings.
The premium CloudFlare plan is the only way to implement a broad country filter. I suspected the majority of the activity you were seeing was from bots, in which case CF would help trim that down significantly.
Another option you could take is blocking IP ranges (ie. block russia/spain/brazil/etc, or allowing IP ranges from select countries only (ie. allow only US, CA, GB, etc). You can do this in CF, or alternatively via htaccess:
Allow/Deny directives are not very resource intense, and there is no DNS lookup performed with IP ranges, so I would not expect a noticeable change in performance outside of a a few microseconds.
Choosing to allow certain ranges, rather than deny a metric ton, may help keep the file smaller.
In any event, a determined hacker will spoof his IP/Country/etc to get around these types of barriers, so I’d say this will only prevent the laziest of the malicious.