A macOS pseudo-ransomware attack from September 2017 that could also be used to irritate iOS users may continue to plague Apple users. Macworld reader Richard says one morning he found his iPhone and iPad locked in Lost Mode. He was unable to regain access, and had to use Apple’s recovery process to verify his identity. This happened two weeks later to his wife’s iPhone and iPad, and then a friend of his wife’s had the same experience.
This is almost certainly related. In the previous attack, crackers would use database of passwords stolen and cracked from the many billions of leaked account/password combinations in the last few years. Some of those accounts were from iCloud users who used an icloud.com email address for their account name and re-used the same password on another site they used with iCloud.