Free Kindergarten Association Whanau Manaaki chief executive Amanda Coulston said its IT provider told it about the cyberattack on Saturday.
Kaseya provides IT management software for managed service providers and small to mid-sized businesses.
US authorities suspect that Russian-based cybercriminal gang REvil may be behind the attack on firms and organisations using the IT management software Kaseya.
Ms Coulston said all member kindergartens — just over 100 — had been warned to keep their laptops and computers switched off while they checked whether any data had been accessed.
Hundreds of organisations across the world have also been affected, including at least 11 schools in New Zealand.
In Porirua, Awatea Kindergarten teacher Jo Young said the hack did not cause much disruption to the day.
It prevented her and colleagues from using their computers for administrative work, which was "really lovely".
"In my non-contact time I made rongoa kawakawa balm ready for Matariki, so I could actually just focus on things that I just enjoyed."
The hack did make it harder for the kindergarten’s administrator to keep a record of attendance.
"Where the challenge was is our administrator who came in had to work from the iPad.
"She was really frustrated having to use that."
Teachers were able to use their iPads for email and other tasks, Ms Young said.
IT specialists yesterday warned the full extent of the damage was yet to be seen.
Ms Coulston said the IT provider was working with the Ministry of Education.
"Everyone should keep their laptops and computers off and then if they need to communicate they do it through the iPad. So that just gives us time to do the work and just identify if we have been compromised or not."
This is the final week before term break.
"The teams have been really good," Ms Coulston said.
"They’re just focused on working with the children and going back to good old pen and paper for some things."
It was hugely disruptive and left the organisation in uncharted territory, Ms Coulston said.
"Essentially, they’re going through every one of our machines and working their way through and identifying if anything happened. There are so many unknowns with this attack.
"We wouldn’t want anything of ours going out to a Russian hacking group. We are hopeful over the next day or two that we have a much better idea."
The government agency tasked to help businesses hit by cyberattacks said it encouraged businesses never to pay ransom demands.
CERT NZ incident response manager Nadia Yousef said there were examples of businesses around the world paying out — only to be hit a few days later with further ransomware attacks.
The software was a tool used mostly by larger organisations, Ms Yousef said.
At the post-Cabinet media briefing, Education Minister Hipkins said the Ministry of Education had been working with affected schools and "further risk is being sort of isolated".
"Given the diversity of different systems that are used in schools ... we’re working with them to make sure that we isolate any potential risk there."
