The attack hit Renault on Friday night, a company spokesperson told the AFP news agency.
Production was halted at Revoz, the company's subsidiary in Slovenia, a spokesperson there said.
Production was also stopped at plants in France.
Paris prosecutors opened an inquiry into the attacks on Friday night.
A number of other countries, including Russia, Spain, Portugal, Mexico, Australia and the UK, have been worse affected.
The British National Health Service was hit by ransom demands for 300 dollars in bitcoins to preserve files.
A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the US's National Security Agency, according to Russian cybersecurity provider Kaspersky Lab.
Describing themselves as an #AccidentalHero, a cybersecurity researcher tweeting as @MalwareTechBlog on Saturday said the discovery of a kill switch was accidental.
"Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading," @MalwareTechBlog told the AFP news agency in a private message on Twitter.
People "need to update their systems ASAP" to avoid attack, the researcher warned.
"The crisis isn't over, they can always change the code and try again," @MalwareTechBlog said.