I'm not sure about "delayed action" infections, as opposed to a delayed reaction noticing that it was happening. We've had many clients get this infection. Most of them didn't realize it had happened for at least one day, some two. The process of encrypting hundreds of thousands of files can take a LONG TIME, especially on a slow computer, or over a network connection. There is no advantage for the bad guy to delay the infection, since the longer it hangs around, the more likely it will be detected and stopped.
We've had savvy users click an email link and immediately feel like something was wrong. They shut the computer off and called us. We were able to determine the virus was in the process of systematically going through their hard drive, alphabetically, encrypting files. In one case, it only made it to the letter "M". In another case, the encryption went through the infected computer fully, and it was shutdown as the encryption was working on the files on the server. That time it made it through the letter "O".
We've had some clients attempt to work with infected computers for a couple of days, before they reported the problem to us. After all, they could create new documents, do their web surfing and web email without a problem. Eventually, they realize that they cannot open old documents.