A question for someone who understands how this stuff works.
For a system that was vulnerable, infected, but powered down when the attack hit, would disconnecting from the internet prior to powering up enable the cleaning of the system before the worm could get instructions to encrypt? If so, why is that not being widely disseminated?
The real answer to your question is no. Everything can happen, but once you are infected with ransomware the program does not need the internet to continue its operation of encrypting files (at least in all ransomware that I saw analysis of, which is a lot).
In a theoretical situation, which would probably never happen, that you somehow figure out that you are infected but the (or some of the) files are still not encrypted, the best thing would be to load the hard drive from a different system (a non-Windows boot CD preferred) and grab all files, and then attempt to clean everything (cleaning an actual virus is... never a definite thing, it might be cleaned or the virus might be more persistent, unless a real pro - and a pro in virus removal, because a lot of computer pros do not have a clue in this stuff - does it).
Attack was facilitated by a worm. Apparently malicious code was implanted in systems by clicking on email links and lay dormant (or spread itself further but did not encrypt) until activated Friday. It's possible the trigger was a date/time but I think it's much more likely they triggered it at a time of their choice.
You somewhat misunderstood this specific infection (WannaCry) and its way of infecting.
The initial infection for some computers was through an email link etc. (it is not entirely clear at this point). And on the systems that were infected that way the virus was a regular virus, nothing with a worm or time-activation. Just after (or at least when it was well in the midst of) taking the local computer's files ransom, the worm kicked in and first scanned the LAN for any PC with this vulnerability not patched, and infected it, then it started scanning random IPs over the internet for this vulnerability.
But the point, relevant to your question, is that once a PC was infected one way or the other it started encrypting right away.