The attack started in Luxembourg on Friday 12 May, so people may only find a suspicious e-mail in their inbox when they return to work on Monday 15 May.
The various cybersecurity centres recommend not opening any e-mails from unknown senders and especially not opening any attached files. They also recommend to do a back-up offline (an “out-of-hand back-up”), and to install the Windows update Windows MS17-010.
As soon as a machine is infected, the ransomware encrypts all the accessible data (local and on the network) and attempts to spread throughout the company. There is a vulnerability in the Microsoft software, for which there is now a recent update.
You can read Circl’s advice here.