Sorry to say, the crooks can remotely lock a Mac just as easily. . . this is a security feature Apple provides to secure your data in case your Apple device is stolen. . . and makes it useless to the thief. The problem here is that those who are having this happen used the same password on their Apple iCloud as they did on their eBay account. . . and eBay was hacked last week and millions of unencrypted email addresses and passwords were stolen. They are being used by crooks to try accesses to see if they can get in and when they do. . .
This merely highlights WHY one should have different passwords for every site one uses. . . Pain in the neck though that may be.
I keep a notebook of my passwords.