What's the end goal here?

I know that after a phone has been stolen, attackers want to gain access to an Apple account to remove the activation lock. But in this case, no devices had been stolen yet. The most they could do would be to… remotely mark the devices as stolen? Then ask the victim to pay to unlock them?