US factories were among those affected, as were smelting plants in Norway.
Notices have been posted at the entrances to some of Hydro's offices telling employees not to log in to their computers.
Staff worldwide are instead using mobile phones and tablets to access their emails, according to Hydro's chief financial officer Eivind Kallevik.
At some factories, workers are using printed order lists while they remain unable to retrieve order data from their computers.
Norwegian security authorities said they were investigating the possibility that the cyber-attack was caused by a relatively new form of ransomware known as LockerGoga. However, they added it was not yet clear that this was the case.
A spokesman for Hydro also told the BBC that he could not yet confirm who was behind the attack.